Updated version and assets for release v23.12

Query of existing entity permissions during view permission generation
could cause timeouts or SQL placeholder limits due to massive whereOr
query generation, where an "or where" clause would be created for each
entity type/id combo involved, which could be all within 20 books.

This updates the query handling to use a query per type involved, with
no "or where"s, and to be chunked at large entity counts.

Also tweaked role-specific permission regen to chunk books at
half-previous rate to prevent such a large scope being involved on each
chunk.

For #4695

.env.example.complete

@@ -72,7 +72,7 @@ MYSQL_ATTR_SSL_CA="/path/to/ca.pem"
 # Mail configuration
 # Refer to https://www.bookstackapp.com/docs/admin/email-webhooks/#email-configuration
 MAIL_DRIVER=smtp
-MAIL_FROM=mail@bookstackapp.com
+MAIL_FROM=bookstack@example.com
 MAIL_FROM_NAME=BookStack
 
 MAIL_HOST=localhost
@@ -273,6 +273,7 @@ OIDC_USER_TO_GROUPS=false
 OIDC_GROUPS_CLAIM=groups
 OIDC_REMOVE_FROM_GROUPS=false
 OIDC_EXTERNAL_ID_CLAIM=sub
+OIDC_END_SESSION_ENDPOINT=false
 
 # Disable default third-party services such as Gravatar and Draw.IO
 # Service-specific options will override this option

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,7 +1,14 @@
 name: Bug Report
-description: Create a report to help us improve or fix things
+description: Create a report to help us fix bugs & issues in existing supported functionality
 labels: [":bug: Bug"]
 body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out a bug report!
+        Please note that this form is for reporting bugs in existing supported functionality.
+        
+        If you are reporting something that's not an issue in functionality we've previously supported and/or is simply something different to your expectations, then it may be more appropriate to raise via a feature or support request instead.
   - type: textarea
     id: description
     attributes:
@@ -13,7 +20,7 @@ body:
     id: reproduction
     attributes:
       label: Steps to Reproduce
-      description: Detail the steps that would replicate this issue
+      description: Detail the steps that would replicate this issue.
       placeholder: |
         1. Go to '...'
         2. Click on '....'
@@ -32,7 +39,7 @@ body:
     id: context
     attributes:
       label: Screenshots or Additional Context
-      description: Provide any additional context and screenshots here to help us solve this issue
+      description: Provide any additional context and screenshots here to help us solve this issue.
     validations:
       required: false
   - type: input
@@ -48,23 +55,7 @@ body:
     id: bsversion
     attributes:
       label: Exact BookStack Version
-      description: This can be found in the settings view of BookStack. Please provide an exact version.
-      placeholder: (eg. v21.08.5)
-    validations:
-      required: true
-  - type: input
-    id: phpversion
-    attributes:
-      label: PHP Version
-      description: Keep in mind your command-line PHP version may differ to that of your webserver. Provide that relevant to the issue.
-      placeholder: (eg. 7.4)
-    validations:
-      required: false
-  - type: textarea
-    id: hosting
-    attributes:
-      label: Hosting Environment
-      description: Describe your hosting environment as much as possible including any proxies used (If applicable).
-      placeholder: (eg. Ubuntu 20.04 VPS, installed using official installation script)
+      description: This can be found in the settings view of BookStack. Please provide an exact version(s) you've tested on.
+      placeholder: (eg. v23.06.7)
     validations:
       required: true

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -33,9 +33,9 @@ body:
     attributes:
       label: Have you searched for an existing open/closed issue?
       description: |
-        To help us keep these issues under control, please ensure you have first [searched our issue list](https://github.com/BookStackApp/BookStack/issues?q=is%3Aissue) for any existing issues that cover the fundemental benefit/goal of your request.
+        To help us keep these issues under control, please ensure you have first [searched our issue list](https://github.com/BookStackApp/BookStack/issues?q=is%3Aissue) for any existing issues that cover the fundamental benefit/goal of your request.
       options:
-        - label: I have searched for existing issues and none cover my fundemental request
+        - label: I have searched for existing issues and none cover my fundamental request
           required: true
   - type: dropdown
     id: existing_usage
@@ -43,8 +43,8 @@ body:
       label: How long have you been using BookStack?
       options:
         - Not using yet, just scoping
-        - 0 to 6 months
-        - 6 months to 1 year
+        - Under 3 months
+        - 3 months to 1 year
         - 1 to 5 years
         - Over 5 years
     validations:

.github/ISSUE_TEMPLATE/support_request.yml

@@ -33,7 +33,7 @@ body:
     attributes:
       label: Exact BookStack Version
       description: This can be found in the settings view of BookStack. Please provide an exact version.
-      placeholder: (eg. v21.08.5)
+      placeholder: (eg. v23.06.7)
     validations:
       required: true
   - type: textarea
@@ -44,19 +44,11 @@ body:
       placeholder: Be sure to remove any confidential details in your logs
     validations:
       required: false
-  - type: input
-    id: phpversion
-    attributes:
-      label: PHP Version
-      description: Keep in mind your command-line PHP version may differ to that of your webserver. Provide that most relevant to the issue.
-      placeholder: (eg. 7.4)
-    validations:
-      required: false
   - type: textarea
     id: hosting
     attributes:
       label: Hosting Environment
       description: Describe your hosting environment as much as possible including any proxies used (If applicable).
-      placeholder: (eg. Ubuntu 20.04 VPS, installed using official installation script)
+      placeholder: (eg. PHP8.1 on Ubuntu 22.04 VPS, installed using official installation script)
     validations:
       required: true

.github/SECURITY.md

@@ -15,18 +15,13 @@ If you'd like to be notified of new potential security concerns you can [sign-up
 If you've found an issue that likely has no impact to existing users (For example, in a development-only branch)
 feel free to raise it via a standard GitHub bug report issue.
 
-If the issue could have a security impact to BookStack instances, please use one of the below 
-methods to report the vulnerability:
-
-- Directly contact the lead maintainer [@ssddanbrown](https://github.com/ssddanbrown). 
-  - You will need to login to be able to see the email address on the [GitHub profile page](https://github.com/ssddanbrown).
-  - Alternatively you can send a DM via Twitter to [@ssddanbrown](https://twitter.com/ssddanbrown).
-- [Disclose via huntr.dev](https://huntr.dev/bounties/disclose)
-  - Bounties may be available to you through this platform.
-  - Be sure to use `https://github.com/BookStackApp/BookStack` as the repository URL.
+If the issue could have a security impact to BookStack instances, 
+please directly contact the lead maintainer [@ssddanbrown](https://github.com/ssddanbrown). 
+You will need to log in to be able to see the email address on the [GitHub profile page](https://github.com/ssddanbrown).
+Alternatively you can send a DM via Mastodon to [@danb@fosstodon.org](https://fosstodon.org/@danb).
 
 Please be patient while the vulnerability is being reviewed. Deploying the fix to address the vulnerability
 can often take a little time due to the amount of preparation required, to ensure the vulnerability has
 been covered, and to create the content required to adequately notify the user-base.
 
-Thank you for keeping BookStack instances safe!
+Thank you for keeping BookStack instances safe!

.github/translators.txt

@@ -57,6 +57,7 @@ Name :: Languages
 @Jokuna :: Korean
 @smartshogu :: German; German Informal
 @samadha56 :: Persian
+@mrmuminov :: Uzbek
 cipi1965 :: Italian
 Mykola Ronik (Mantikor) :: Ukrainian
 furkanoyk :: Turkish
@@ -176,7 +177,7 @@ Alexander Predl (Harveyhase68) :: German
 Rem (Rem9000) :: Dutch
 Michał Stelmach (stelmach-web) :: Polish
 arniom :: French
-REMOVED_USER :: ; French; Dutch; Turkish
+REMOVED_USER :: French; Dutch; Portuguese, Brazilian; Portuguese; Turkish; 
 林祖年 (contagion) :: Chinese Traditional
 Siamak Guodarzi (siamakgoudarzi88) :: Persian
 Lis Maestrelo (lismtrl) :: Portuguese, Brazilian
@@ -269,7 +270,7 @@ mcgong (GongMingCai) :: Chinese Simplified; Chinese Traditional
 Nanang Setia Budi (sefidananang) :: Indonesian
 Андрей Павлов (andrei.pavlov) :: Russian
 Alex Navarro (alex.n.navarro) :: Portuguese, Brazilian
-Ji-Hyeon Gim (PotatoGim) :: Korean
+Jihyeon Gim (PotatoGim) :: Korean
 Mihai Ochian (soulstorm19) :: Romanian
 HeartCore :: German Informal; German
 simon.pct :: French
@@ -289,7 +290,7 @@ Ismael Mesquita (mesquitoliveira) :: Portuguese, Brazilian
 LiZerui (CNLiZerui) :: Chinese Traditional
 Fabrice Boyer (FabriceBoyer) :: French
 mikael (bitcanon) :: Swedish
-Matthias Mai (schnapsidee) :: German; German Informal
+Matthias Mai (schnapsidee) :: German Informal; German
 Ufuk Ayyıldız (ufukayyildiz) :: Turkish
 Jan Mitrof (jan.kachlik) :: Czech
 edwardsmirnov :: Russian
@@ -347,7 +348,7 @@ robing29 :: German
 Bruno Eduardo de Jesus Barroso (brunoejb) :: Portuguese, Brazilian
 Igor V Belousov (biv) :: Russian
 David Bauer (davbauer) :: German
-Guttorm Hveem (guttormhveem) :: Norwegian Bokmal
+Guttorm Hveem (guttormhveem) :: Norwegian Nynorsk; Norwegian Bokmal
 Minh Giang Truong (minhgiang1204) :: Vietnamese
 Ioannis Ioannides (i.ioannides) :: Greek
 Vadim (vadrozh) :: Russian
@@ -355,3 +356,33 @@ Flip333 :: German Informal; German
 Paulo Henrique (paulohsantos114) :: Portuguese, Brazilian
 Dženan (Dzenan) :: Swedish
 Péter Péli (peter.peli) :: Hungarian
+TWME :: Chinese Traditional
+Sascha (Man-in-Black) :: German; German Informal
+Mohammadreza Madadi (madadi.efl) :: Persian
+Konstantin (kkovacheli) :: Ukrainian; Russian
+link1183 :: French
+Renan (rfpe) :: Portuguese, Brazilian
+Lowkey (bbsweb) :: Chinese Simplified
+ZZnOB (zznobzz) :: Russian
+rupus :: Swedish
+developernecsys :: Norwegian Nynorsk
+xuan LI (xuanli233) :: Chinese Simplified
+LameeQS :: Latvian
+Sorin T. (trimbitassorin) :: Romanian
+poesty :: Chinese Simplified
+balmag :: Hungarian
+Antti-Jussi Nygård (ajnyga) :: Finnish
+Eduard Ereza Martínez (Ereza) :: Catalan
+Jabir Lang (amar.almrad) :: Arabic
+Jaroslav Koblizek (foretix) :: Czech; French
+Wiktor Adamczyk (adamczyk.wiktor) :: Polish
+Abdulmajeed Alshuaibi (4Majeed) :: Arabic
+NotSmartZakk :: Czech
+HyoungMin Lee (ddokkaebi) :: Korean
+Dasferco :: Chinese Simplified
+Marcus Teräs (mteras) :: Finnish
+Serkan Yardim (serkanzz) :: Turkish
+Y (cnsr) :: Ukrainian
+ZY ZV (vy0b0x) :: Chinese Simplified
+diegobenitez :: Spanish
+Marc Hagen (MarcHagen) :: Dutch

.github/workflows/analyse-php.yml

@@ -1,6 +1,12 @@
 name: analyse-php
 
-on: [push, pull_request]
+on:
+  push:
+    paths:
+      - '**.php'
+  pull_request:
+    paths:
+      - '**.php'
 
 jobs:
   build:

.github/workflows/lint-js.yml

@@ -1,6 +1,14 @@
 name: lint-js
 
-on: [push, pull_request]
+on:
+  push:
+    paths:
+      - '**.js'
+      - '**.json'
+  pull_request:
+    paths:
+      - '**.js'
+      - '**.json'
 
 jobs:
   build:

.github/workflows/lint-php.yml

@@ -1,6 +1,12 @@
 name: lint-php
 
-on: [push, pull_request]
+on:
+  push:
+    paths:
+      - '**.php'
+  pull_request:
+    paths:
+      - '**.php'
 
 jobs:
   build:

.github/workflows/test-migrations.yml

@@ -1,6 +1,14 @@
 name: test-migrations
 
-on: [push, pull_request]
+on:
+  push:
+    paths:
+      - '**.php'
+      - 'composer.*'
+  pull_request:
+    paths:
+      - '**.php'
+      - 'composer.*'
 
 jobs:
   build:
@@ -8,7 +16,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        php: ['8.0', '8.1', '8.2']
+        php: ['8.0', '8.1', '8.2', '8.3']
     steps:
       - uses: actions/checkout@v1
 

.github/workflows/test-php.yml

@@ -1,6 +1,14 @@
 name: test-php
 
-on: [push, pull_request]
+on:
+  push:
+    paths:
+      - '**.php'
+      - 'composer.*'
+  pull_request:
+    paths:
+      - '**.php'
+      - 'composer.*'
 
 jobs:
   build:
@@ -8,7 +16,7 @@ jobs:
     runs-on: ubuntu-22.04
     strategy:
       matrix:
-        php: ['8.0', '8.1', '8.2']
+        php: ['8.0', '8.1', '8.2', '8.3']
     steps:
     - uses: actions/checkout@v1
 

.gitignore

@@ -29,4 +29,5 @@ webpack-stats.json
 .phpunit.result.cache
 .DS_Store
 phpstan.neon
-esbuild-meta.json
+esbuild-meta.json
+.phpactor.json

app/Access/Controllers/ForgotPasswordController.php

@@ -9,11 +9,6 @@ use Illuminate\Support\Facades\Password;
 
 class ForgotPasswordController extends Controller
 {
-    /**
-     * Create a new controller instance.
-     *
-     * @return void
-     */
     public function __construct()
     {
         $this->middleware('guest');
@@ -30,10 +25,6 @@ class ForgotPasswordController extends Controller
 
     /**
      * Send a reset link to the given user.
-     *
-     * @param \Illuminate\Http\Request $request
-     *
-     * @return \Illuminate\Http\RedirectResponse
      */
     public function sendResetLinkEmail(Request $request)
     {
@@ -56,13 +47,13 @@ class ForgotPasswordController extends Controller
             $message = trans('auth.reset_password_sent', ['email' => $request->get('email')]);
             $this->showSuccessNotification($message);
 
-            return back()->with('status', trans($response));
+            return redirect('/password/email')->with('status', trans($response));
         }
 
         // If an error was returned by the password broker, we will get this message
         // translated so we can notify a user of the problem. We'll redirect back
         // to where the users came from so they can attempt this process again.
-        return back()->withErrors(
+        return redirect('/password/email')->withErrors(
             ['email' => trans($response)]
         );
     }

app/Access/Controllers/LoginController.php

@@ -3,34 +3,26 @@
 namespace BookStack\Access\Controllers;
 
 use BookStack\Access\LoginService;
-use BookStack\Access\SocialAuthService;
+use BookStack\Access\SocialDriverManager;
 use BookStack\Exceptions\LoginAttemptEmailNeededException;
 use BookStack\Exceptions\LoginAttemptException;
 use BookStack\Facades\Activity;
 use BookStack\Http\Controller;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
 use Illuminate\Validation\ValidationException;
 
 class LoginController extends Controller
 {
     use ThrottlesLogins;
 
-    protected SocialAuthService $socialAuthService;
-    protected LoginService $loginService;
-
-    /**
-     * Create a new controller instance.
-     */
-    public function __construct(SocialAuthService $socialAuthService, LoginService $loginService)
-    {
+    public function __construct(
+        protected SocialDriverManager $socialDriverManager,
+        protected LoginService $loginService,
+    ) {
         $this->middleware('guest', ['only' => ['getLogin', 'login']]);
         $this->middleware('guard:standard,ldap', ['only' => ['login']]);
         $this->middleware('guard:standard,ldap,oidc', ['only' => ['logout']]);
-
-        $this->socialAuthService = $socialAuthService;
-        $this->loginService = $loginService;
     }
 
     /**
@@ -38,7 +30,7 @@ class LoginController extends Controller
      */
     public function getLogin(Request $request)
     {
-        $socialDrivers = $this->socialAuthService->getActiveDrivers();
+        $socialDrivers = $this->socialDriverManager->getActive();
         $authMethod = config('auth.method');
         $preventInitiation = $request->get('prevent_auto_init') === 'true';
 
@@ -52,7 +44,7 @@ class LoginController extends Controller
         // Store the previous location for redirect after login
         $this->updateIntendedFromPrevious();
 
-        if (!$preventInitiation && $this->shouldAutoInitiate()) {
+        if (!$preventInitiation && $this->loginService->shouldAutoInitiate()) {
             return view('auth.login-initiate', [
                 'authMethod'    => $authMethod,
             ]);
@@ -101,15 +93,9 @@ class LoginController extends Controller
     /**
      * Logout user and perform subsequent redirect.
      */
-    public function logout(Request $request)
+    public function logout()
     {
-        Auth::guard()->logout();
-        $request->session()->invalidate();
-        $request->session()->regenerateToken();
-
-        $redirectUri = $this->shouldAutoInitiate() ? '/login?prevent_auto_init=true' : '/';
-
-        return redirect($redirectUri);
+        return redirect($this->loginService->logout());
     }
 
     /**
@@ -200,7 +186,7 @@ class LoginController extends Controller
     {
         // Store the previous location for redirect after login
         $previous = url()->previous('');
-        $isPreviousFromInstance = (strpos($previous, url('/')) === 0);
+        $isPreviousFromInstance = str_starts_with($previous, url('/'));
         if (!$previous || !setting('app-public') || !$isPreviousFromInstance) {
             return;
         }
@@ -211,23 +197,11 @@ class LoginController extends Controller
         ];
 
         foreach ($ignorePrefixList as $ignorePrefix) {
-            if (strpos($previous, url($ignorePrefix)) === 0) {
+            if (str_starts_with($previous, url($ignorePrefix))) {
                 return;
             }
         }
 
         redirect()->setIntendedUrl($previous);
     }
-
-    /**
-     * Check if login auto-initiate should be valid based upon authentication config.
-     */
-    protected function shouldAutoInitiate(): bool
-    {
-        $socialDrivers = $this->socialAuthService->getActiveDrivers();
-        $authMethod = config('auth.method');
-        $autoRedirect = config('auth.auto_initiate');
-
-        return $autoRedirect && count($socialDrivers) === 0 && in_array($authMethod, ['oidc', 'saml2']);
-    }
 }

app/Access/Controllers/OidcController.php

@@ -11,9 +11,6 @@ class OidcController extends Controller
 {
     protected OidcService $oidcService;
 
-    /**
-     * OpenIdController constructor.
-     */
     public function __construct(OidcService $oidcService)
     {
         $this->oidcService = $oidcService;
@@ -63,4 +60,12 @@ class OidcController extends Controller
 
         return redirect()->intended();
     }
+
+    /**
+     * Log the user out then start the OIDC RP-initiated logout process.
+     */
+    public function logout()
+    {
+        return redirect($this->oidcService->logout());
+    }
 }

app/Access/Controllers/RegisterController.php

@@ -4,7 +4,7 @@ namespace BookStack\Access\Controllers;
 
 use BookStack\Access\LoginService;
 use BookStack\Access\RegistrationService;
-use BookStack\Access\SocialAuthService;
+use BookStack\Access\SocialDriverManager;
 use BookStack\Exceptions\StoppedAuthenticationException;
 use BookStack\Exceptions\UserRegistrationException;
 use BookStack\Http\Controller;
@@ -15,7 +15,7 @@ use Illuminate\Validation\Rules\Password;
 
 class RegisterController extends Controller
 {
-    protected SocialAuthService $socialAuthService;
+    protected SocialDriverManager $socialDriverManager;
     protected RegistrationService $registrationService;
     protected LoginService $loginService;
 
@@ -23,14 +23,14 @@ class RegisterController extends Controller
      * Create a new controller instance.
      */
     public function __construct(
-        SocialAuthService $socialAuthService,
+        SocialDriverManager $socialDriverManager,
         RegistrationService $registrationService,
         LoginService $loginService
     ) {
         $this->middleware('guest');
         $this->middleware('guard:standard');
 
-        $this->socialAuthService = $socialAuthService;
+        $this->socialDriverManager = $socialDriverManager;
         $this->registrationService = $registrationService;
         $this->loginService = $loginService;
     }
@@ -43,7 +43,7 @@ class RegisterController extends Controller
     public function getRegister()
     {
         $this->registrationService->ensureRegistrationAllowed();
-        $socialDrivers = $this->socialAuthService->getActiveDrivers();
+        $socialDrivers = $this->socialDriverManager->getActive();
 
         return view('auth.register', [
             'socialDrivers' => $socialDrivers,

app/Access/Controllers/ResetPasswordController.php

@@ -66,7 +66,7 @@ class ResetPasswordController extends Controller
         // redirect them back to where they came from with their error message.
         return $response === Password::PASSWORD_RESET
             ? $this->sendResetResponse()
-            : $this->sendResetFailedResponse($request, $response);
+            : $this->sendResetFailedResponse($request, $response, $request->get('token'));
     }
 
     /**
@@ -83,7 +83,7 @@ class ResetPasswordController extends Controller
     /**
      * Get the response for a failed password reset.
      */
-    protected function sendResetFailedResponse(Request $request, string $response): RedirectResponse
+    protected function sendResetFailedResponse(Request $request, string $response, string $token): RedirectResponse
     {
         // We show invalid users as invalid tokens as to not leak what
         // users may exist in the system.
@@ -91,7 +91,7 @@ class ResetPasswordController extends Controller
             $response = Password::INVALID_TOKEN;
         }
 
-        return redirect()->back()
+        return redirect("/password/reset/{$token}")
             ->withInput($request->only('email'))
             ->withErrors(['email' => trans($response)]);
     }

app/Access/Controllers/Saml2Controller.php

@@ -9,14 +9,9 @@ use Illuminate\Support\Str;
 
 class Saml2Controller extends Controller
 {
-    protected Saml2Service $samlService;
-
-    /**
-     * Saml2Controller constructor.
-     */
-    public function __construct(Saml2Service $samlService)
-    {
-        $this->samlService = $samlService;
+    public function __construct(
+        protected Saml2Service $samlService
+    ) {
         $this->middleware('guard:saml2');
     }
 
@@ -36,7 +31,12 @@ class Saml2Controller extends Controller
      */
     public function logout()
     {
-        $logoutDetails = $this->samlService->logout(auth()->user());
+        $user = user();
+        if ($user->isGuest()) {
+            return redirect('/login');
+        }
+
+        $logoutDetails = $this->samlService->logout($user);
 
         if ($logoutDetails['id']) {
             session()->flash('saml2_logout_request_id', $logoutDetails['id']);
@@ -64,7 +64,7 @@ class Saml2Controller extends Controller
     public function sls()
     {
         $requestId = session()->pull('saml2_logout_request_id', null);
-        $redirect = $this->samlService->processSlsResponse($requestId) ?? '/';
+        $redirect = $this->samlService->processSlsResponse($requestId);
 
         return redirect($redirect);
     }

app/Access/Controllers/SocialController.php

@@ -16,22 +16,12 @@ use Laravel\Socialite\Contracts\User as SocialUser;
 
 class SocialController extends Controller
 {
-    protected SocialAuthService $socialAuthService;
-    protected RegistrationService $registrationService;
-    protected LoginService $loginService;
-
-    /**
-     * SocialController constructor.
-     */
     public function __construct(
-        SocialAuthService $socialAuthService,
-        RegistrationService $registrationService,
-        LoginService $loginService
+        protected SocialAuthService $socialAuthService,
+        protected RegistrationService $registrationService,
+        protected LoginService $loginService,
     ) {
         $this->middleware('guest')->only(['register']);
-        $this->socialAuthService = $socialAuthService;
-        $this->registrationService = $registrationService;
-        $this->loginService = $loginService;
     }
 
     /**
@@ -89,7 +79,7 @@ class SocialController extends Controller
             try {
                 return $this->socialAuthService->handleLoginCallback($socialDriver, $socialUser);
             } catch (SocialSignInAccountNotUsed $exception) {
-                if ($this->socialAuthService->driverAutoRegisterEnabled($socialDriver)) {
+                if ($this->socialAuthService->drivers()->isAutoRegisterEnabled($socialDriver)) {
                     return $this->socialRegisterCallback($socialDriver, $socialUser);
                 }
 
@@ -101,7 +91,7 @@ class SocialController extends Controller
             return $this->socialRegisterCallback($socialDriver, $socialUser);
         }
 
-        return redirect()->back();
+        return redirect('/');
     }
 
     /**
@@ -112,7 +102,7 @@ class SocialController extends Controller
         $this->socialAuthService->detachSocialAccount($socialDriver);
         session()->flash('success', trans('settings.users_social_disconnected', ['socialAccount' => Str::title($socialDriver)]));
 
-        return redirect(user()->getEditUrl());
+        return redirect('/my-account/auth#social-accounts');
     }
 
     /**
@@ -124,7 +114,7 @@ class SocialController extends Controller
     {
         $socialUser = $this->socialAuthService->handleRegistrationCallback($socialDriver, $socialUser);
         $socialAccount = $this->socialAuthService->newSocialAccount($socialDriver, $socialUser);
-        $emailVerified = $this->socialAuthService->driverAutoConfirmEmailEnabled($socialDriver);
+        $emailVerified = $this->socialAuthService->drivers()->isAutoConfirmEmailEnabled($socialDriver);
 
         // Create an array of the user data to create a new user instance
         $userData = [

app/Access/Controllers/ThrottlesLogins.php

@@ -71,7 +71,7 @@ trait ThrottlesLogins
      */
     protected function limiter(): RateLimiter
     {
-        return app(RateLimiter::class);
+        return app()->make(RateLimiter::class);
     }
 
     /**

app/Access/EmailConfirmationService.php

@@ -2,8 +2,8 @@
 
 namespace BookStack\Access;
 
+use BookStack\Access\Notifications\ConfirmEmailNotification;
 use BookStack\Exceptions\ConfirmationEmailException;
-use BookStack\Notifications\ConfirmEmail;
 use BookStack\Users\Models\User;
 
 class EmailConfirmationService extends UserTokenService
@@ -26,7 +26,7 @@ class EmailConfirmationService extends UserTokenService
         $this->deleteByUser($user);
         $token = $this->createTokenForUser($user);
 
-        $user->notify(new ConfirmEmail($token));
+        $user->notify(new ConfirmEmailNotification($token));
     }
 
     /**

app/Access/LoginService.php

@@ -16,13 +16,11 @@ class LoginService
 {
     protected const LAST_LOGIN_ATTEMPTED_SESSION_KEY = 'auth-login-last-attempted';
 
-    protected $mfaSession;
-    protected $emailConfirmationService;
-
-    public function __construct(MfaSession $mfaSession, EmailConfirmationService $emailConfirmationService)
-    {
-        $this->mfaSession = $mfaSession;
-        $this->emailConfirmationService = $emailConfirmationService;
+    public function __construct(
+        protected MfaSession $mfaSession,
+        protected EmailConfirmationService $emailConfirmationService,
+        protected SocialDriverManager $socialDriverManager,
+    ) {
     }
 
     /**
@@ -163,4 +161,33 @@ class LoginService
 
         return $result;
     }
+
+    /**
+     * Logs the current user out of the application.
+     * Returns an app post-redirect path.
+     */
+    public function logout(): string
+    {
+        auth()->logout();
+        session()->invalidate();
+        session()->regenerateToken();
+
+        return $this->shouldAutoInitiate() ? '/login?prevent_auto_init=true' : '/';
+    }
+
+    /**
+     * Check if login auto-initiate should be active based upon authentication config.
+     */
+    public function shouldAutoInitiate(): bool
+    {
+        $autoRedirect = config('auth.auto_initiate');
+        if (!$autoRedirect) {
+            return false;
+        }
+
+        $socialDrivers = $this->socialDriverManager->getActive();
+        $authMethod = config('auth.method');
+
+        return count($socialDrivers) === 0 && in_array($authMethod, ['oidc', 'saml2']);
+    }
 }

app/Access/Notifications/ConfirmEmailNotification.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace BookStack\Access\Notifications;
+
+use BookStack\App\MailNotification;
+use BookStack\Users\Models\User;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class ConfirmEmailNotification extends MailNotification
+{
+    public function __construct(
+        public string $token
+    ) {
+    }
+
+    public function toMail(User $notifiable): MailMessage
+    {
+        $appName = ['appName' => setting('app-name')];
+
+        return $this->newMailMessage()
+                ->subject(trans('auth.email_confirm_subject', $appName))
+                ->greeting(trans('auth.email_confirm_greeting', $appName))
+                ->line(trans('auth.email_confirm_text'))
+                ->action(trans('auth.email_confirm_action'), url('/register/confirm/' . $this->token));
+    }
+}

app/Access/Notifications/ResetPasswordNotification.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace BookStack\Access\Notifications;
+
+use BookStack\App\MailNotification;
+use BookStack\Users\Models\User;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class ResetPasswordNotification extends MailNotification
+{
+    public function __construct(
+        public string $token
+    ) {
+    }
+
+    public function toMail(User $notifiable): MailMessage
+    {
+        return $this->newMailMessage()
+            ->subject(trans('auth.email_reset_subject', ['appName' => setting('app-name')]))
+            ->line(trans('auth.email_reset_text'))
+            ->action(trans('auth.reset_password'), url('password/reset/' . $this->token))
+            ->line(trans('auth.email_reset_not_requested'));
+    }
+}

app/Access/Notifications/UserInviteNotification.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace BookStack\Access\Notifications;
+
+use BookStack\App\MailNotification;
+use BookStack\Users\Models\User;
+use Illuminate\Notifications\Messages\MailMessage;
+
+class UserInviteNotification extends MailNotification
+{
+    public function __construct(
+        public string $token
+    ) {
+    }
+
+    public function toMail(User $notifiable): MailMessage
+    {
+        $appName = ['appName' => setting('app-name')];
+        $locale = $notifiable->getLocale();
+
+        return $this->newMailMessage($locale)
+                ->subject($locale->trans('auth.user_invite_email_subject', $appName))
+                ->greeting($locale->trans('auth.user_invite_email_greeting', $appName))
+                ->line($locale->trans('auth.user_invite_email_text'))
+                ->action($locale->trans('auth.user_invite_email_action'), url('/register/invite/' . $this->token));
+    }
+}

app/Access/Oidc/OidcOAuthProvider.php

@@ -20,15 +20,8 @@ class OidcOAuthProvider extends AbstractProvider
 {
     use BearerAuthorizationTrait;
 
-    /**
-     * @var string
-     */
-    protected $authorizationEndpoint;
-
-    /**
-     * @var string
-     */
-    protected $tokenEndpoint;
+    protected string $authorizationEndpoint;
+    protected string $tokenEndpoint;
 
     /**
      * Scopes to use for the OIDC authorization call.
@@ -60,7 +53,7 @@ class OidcOAuthProvider extends AbstractProvider
     }
 
     /**
-     * Add an additional scope to this provider upon the default.
+     * Add another scope to this provider upon the default.
      */
     public function addScope(string $scope): void
     {

app/Access/Oidc/OidcProviderSettings.php

@@ -21,6 +21,7 @@ class OidcProviderSettings
     public ?string $redirectUri;
     public ?string $authorizationEndpoint;
     public ?string $tokenEndpoint;
+    public ?string $endSessionEndpoint;
 
     /**
      * @var string[]|array[]
@@ -59,7 +60,7 @@ class OidcProviderSettings
             }
         }
 
-        if (strpos($this->issuer, 'https://') !== 0) {
+        if (!str_starts_with($this->issuer, 'https://')) {
             throw new InvalidArgumentException('Issuer value must start with https://');
         }
     }
@@ -132,6 +133,10 @@ class OidcProviderSettings
             $discoveredSettings['keys'] = $this->filterKeys($keys);
         }
 
+        if (!empty($result['end_session_endpoint'])) {
+            $discoveredSettings['endSessionEndpoint'] = $result['end_session_endpoint'];
+        }
+
         return $discoveredSettings;
     }
 

app/Access/Oidc/OidcService.php

@@ -9,13 +9,13 @@ use BookStack\Exceptions\JsonDebugException;
 use BookStack\Exceptions\StoppedAuthenticationException;
 use BookStack\Exceptions\UserRegistrationException;
 use BookStack\Facades\Theme;
+use BookStack\Http\HttpRequestService;
 use BookStack\Theming\ThemeEvents;
 use BookStack\Users\Models\User;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Facades\Cache;
 use League\OAuth2\Client\OptionProvider\HttpBasicAuthOptionProvider;
 use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
-use Psr\Http\Client\ClientInterface as HttpClient;
 
 /**
  * Class OpenIdConnectService
@@ -26,7 +26,7 @@ class OidcService
     public function __construct(
         protected RegistrationService $registrationService,
         protected LoginService $loginService,
-        protected HttpClient $httpClient,
+        protected HttpRequestService $http,
         protected GroupSyncService $groupService
     ) {
     }
@@ -84,6 +84,7 @@ class OidcService
             'redirectUri'           => url('/oidc/callback'),
             'authorizationEndpoint' => $config['authorization_endpoint'],
             'tokenEndpoint'         => $config['token_endpoint'],
+            'endSessionEndpoint'    => is_string($config['end_session_endpoint']) ? $config['end_session_endpoint'] : null,
         ]);
 
         // Use keys if configured
@@ -94,12 +95,20 @@ class OidcService
         // Run discovery
         if ($config['discover'] ?? false) {
             try {
-                $settings->discoverFromIssuer($this->httpClient, Cache::store(null), 15);
+                $settings->discoverFromIssuer($this->http->buildClient(5), Cache::store(null), 15);
             } catch (OidcIssuerDiscoveryException $exception) {
                 throw new OidcException('OIDC Discovery Error: ' . $exception->getMessage());
             }
         }
 
+        // Prevent use of RP-initiated logout if specifically disabled
+        // Or force use of a URL if specifically set.
+        if ($config['end_session_endpoint'] === false) {
+            $settings->endSessionEndpoint = null;
+        } else if (is_string($config['end_session_endpoint'])) {
+            $settings->endSessionEndpoint = $config['end_session_endpoint'];
+        }
+
         $settings->validate();
 
         return $settings;
@@ -111,7 +120,7 @@ class OidcService
     protected function getProvider(OidcProviderSettings $settings): OidcOAuthProvider
     {
         $provider = new OidcOAuthProvider($settings->arrayForProvider(), [
-            'httpClient'     => $this->httpClient,
+            'httpClient'     => $this->http->buildClient(5),
             'optionProvider' => new HttpBasicAuthOptionProvider(),
         ]);
 
@@ -142,10 +151,11 @@ class OidcService
      */
     protected function getUserDisplayName(OidcIdToken $token, string $defaultValue): string
     {
-        $displayNameAttr = $this->config()['display_name_claims'];
+        $displayNameAttrString = $this->config()['display_name_claims'] ?? '';
+        $displayNameAttrs = explode('|', $displayNameAttrString);
 
         $displayName = [];
-        foreach ($displayNameAttr as $dnAttr) {
+        foreach ($displayNameAttrs as $dnAttr) {
             $dnComponent = $token->getClaim($dnAttr) ?? '';
             if ($dnComponent !== '') {
                 $displayName[] = $dnComponent;
@@ -216,6 +226,8 @@ class OidcService
             $settings->keys,
         );
 
+        session()->put("oidc_id_token", $idTokenText);
+
         $returnClaims = Theme::dispatch(ThemeEvents::OIDC_ID_TOKEN_PRE_VALIDATE, $idToken->getAllClaims(), [
             'access_token' => $accessToken->getToken(),
             'expires_in' => $accessToken->getExpires(),
@@ -283,4 +295,30 @@ class OidcService
     {
         return $this->config()['user_to_groups'] !== false;
     }
+
+    /**
+     * Start the RP-initiated logout flow if active, otherwise start a standard logout flow.
+     * Returns a post-app-logout redirect URL.
+     * Reference: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
+     * @throws OidcException
+     */
+    public function logout(): string
+    {
+        $oidcToken = session()->pull("oidc_id_token");
+        $defaultLogoutUrl = url($this->loginService->logout());
+        $oidcSettings = $this->getProviderSettings();
+
+        if (!$oidcSettings->endSessionEndpoint) {
+            return $defaultLogoutUrl;
+        }
+
+        $endpointParams = [
+            'id_token_hint' => $oidcToken,
+            'post_logout_redirect_uri' => $defaultLogoutUrl,
+        ];
+
+        $joiner = str_contains($oidcSettings->endSessionEndpoint, '?') ? '&' : '?';
+
+        return $oidcSettings->endSessionEndpoint . $joiner . http_build_query($endpointParams);
+    }
 }

app/Access/Saml2Service.php

@@ -21,19 +21,13 @@ use OneLogin\Saml2\ValidationError;
 class Saml2Service
 {
     protected array $config;
-    protected RegistrationService $registrationService;
-    protected LoginService $loginService;
-    protected GroupSyncService $groupSyncService;
 
     public function __construct(
-        RegistrationService $registrationService,
-        LoginService $loginService,
-        GroupSyncService $groupSyncService
+        protected RegistrationService $registrationService,
+        protected LoginService $loginService,
+        protected GroupSyncService $groupSyncService
     ) {
         $this->config = config('saml2');
-        $this->registrationService = $registrationService;
-        $this->loginService = $loginService;
-        $this->groupSyncService = $groupSyncService;
     }
 
     /**
@@ -54,20 +48,23 @@ class Saml2Service
 
     /**
      * Initiate a logout flow.
+     * Returns the SAML2 request ID, and the URL to redirect the user to.
      *
      * @throws Error
+     * @returns array{url: string, id: ?string}
      */
     public function logout(User $user): array
     {
         $toolKit = $this->getToolkit();
-        $returnRoute = url('/');
+        $sessionIndex = session()->get('saml2_session_index');
+        $returnUrl = url($this->loginService->logout());
 
         try {
             $url = $toolKit->logout(
-                $returnRoute,
+                $returnUrl,
                 [],
                 $user->email,
-                session()->get('saml2_session_index'),
+                $sessionIndex,
                 true,
                 Constants::NAMEID_EMAIL_ADDRESS
             );
@@ -77,8 +74,7 @@ class Saml2Service
                 throw $error;
             }
 
-            $this->actionLogout();
-            $url = '/';
+            $url = $returnUrl;
             $id = null;
         }
 
@@ -128,7 +124,7 @@ class Saml2Service
      *
      * @throws Error
      */
-    public function processSlsResponse(?string $requestId): ?string
+    public function processSlsResponse(?string $requestId): string
     {
         $toolkit = $this->getToolkit();
 
@@ -137,7 +133,7 @@ class Saml2Service
         // value so that the exact encoding format is matched when checking the signature.
         // This is primarily due to ADFS encoding query params with lowercase percent encoding while
         // PHP (And most other sensible providers) standardise on uppercase.
-        $redirect = $toolkit->processSLO(true, $requestId, true, null, true);
+        $samlRedirect = $toolkit->processSLO(true, $requestId, true, null, true);
         $errors = $toolkit->getErrors();
 
         if (!empty($errors)) {
@@ -146,18 +142,9 @@ class Saml2Service
             );
         }
 
-        $this->actionLogout();
+        $defaultBookStackRedirect = $this->loginService->logout();
 
-        return $redirect;
-    }
-
-    /**
-     * Do the required actions to log a user out.
-     */
-    protected function actionLogout()
-    {
-        auth()->logout();
-        session()->invalidate();
+        return $samlRedirect ?? $defaultBookStackRedirect;
     }
 
     /**
@@ -357,6 +344,10 @@ class Saml2Service
         $userDetails = $this->getUserDetails($samlID, $samlAttributes);
         $isLoggedIn = auth()->check();
 
+        if ($this->shouldSyncGroups()) {
+            $userDetails['groups'] = $this->getUserGroups($samlAttributes);
+        }
+
         if ($this->config['dump_user_details']) {
             throw new JsonDebugException([
                 'id_from_idp'         => $samlID,
@@ -379,13 +370,8 @@ class Saml2Service
             $userDetails['external_id']
         );
 
-        if ($user === null) {
-            throw new SamlException(trans('errors.saml_user_not_registered', ['name' => $userDetails['external_id']]), '/login');
-        }
-
         if ($this->shouldSyncGroups()) {
-            $groups = $this->getUserGroups($samlAttributes);
-            $this->groupSyncService->syncUserWithFoundGroups($user, $groups, $this->config['remove_from_groups']);
+            $this->groupSyncService->syncUserWithFoundGroups($user, $userDetails['groups'], $this->config['remove_from_groups']);
         }
 
         $this->loginService->login($user, 'saml2');

app/Access/SocialAuthService.php

@@ -2,69 +2,24 @@
 
 namespace BookStack\Access;
 
-use BookStack\Auth\Access\handler;
 use BookStack\Exceptions\SocialDriverNotConfigured;
 use BookStack\Exceptions\SocialSignInAccountNotUsed;
 use BookStack\Exceptions\UserRegistrationException;
 use BookStack\Users\Models\User;
-use Illuminate\Support\Facades\Event;
 use Illuminate\Support\Str;
 use Laravel\Socialite\Contracts\Factory as Socialite;
 use Laravel\Socialite\Contracts\Provider;
 use Laravel\Socialite\Contracts\User as SocialUser;
 use Laravel\Socialite\Two\GoogleProvider;
-use SocialiteProviders\Manager\SocialiteWasCalled;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 
 class SocialAuthService
 {
-    /**
-     * The core socialite library used.
-     *
-     * @var Socialite
-     */
-    protected $socialite;
-
-    /**
-     * @var LoginService
-     */
-    protected $loginService;
-
-    /**
-     * The default built-in social drivers we support.
-     *
-     * @var string[]
-     */
-    protected $validSocialDrivers = [
-        'google',
-        'github',
-        'facebook',
-        'slack',
-        'twitter',
-        'azure',
-        'okta',
-        'gitlab',
-        'twitch',
-        'discord',
-    ];
-
-    /**
-     * Callbacks to run when configuring a social driver
-     * for an initial redirect action.
-     * Array is keyed by social driver name.
-     * Callbacks are passed an instance of the driver.
-     *
-     * @var array<string, callable>
-     */
-    protected $configureForRedirectCallbacks = [];
-
-    /**
-     * SocialAuthService constructor.
-     */
-    public function __construct(Socialite $socialite, LoginService $loginService)
-    {
-        $this->socialite = $socialite;
-        $this->loginService = $loginService;
+    public function __construct(
+        protected Socialite $socialite,
+        protected LoginService $loginService,
+        protected SocialDriverManager $driverManager,
+    ) {
     }
 
     /**
@@ -74,9 +29,10 @@ class SocialAuthService
      */
     public function startLogIn(string $socialDriver): RedirectResponse
     {
-        $driver = $this->validateDriver($socialDriver);
+        $socialDriver = trim(strtolower($socialDriver));
+        $this->driverManager->ensureDriverActive($socialDriver);
 
-        return $this->getDriverForRedirect($driver)->redirect();
+        return $this->getDriverForRedirect($socialDriver)->redirect();
     }
 
     /**
@@ -86,9 +42,10 @@ class SocialAuthService
      */
     public function startRegister(string $socialDriver): RedirectResponse
     {
-        $driver = $this->validateDriver($socialDriver);
+        $socialDriver = trim(strtolower($socialDriver));
+        $this->driverManager->ensureDriverActive($socialDriver);
 
-        return $this->getDriverForRedirect($driver)->redirect();
+        return $this->getDriverForRedirect($socialDriver)->redirect();
     }
 
     /**
@@ -119,9 +76,10 @@ class SocialAuthService
      */
     public function getSocialUser(string $socialDriver): SocialUser
     {
-        $driver = $this->validateDriver($socialDriver);
+        $socialDriver = trim(strtolower($socialDriver));
+        $this->driverManager->ensureDriverActive($socialDriver);
 
-        return $this->socialite->driver($driver)->user();
+        return $this->socialite->driver($socialDriver)->user();
     }
 
     /**
@@ -131,6 +89,7 @@ class SocialAuthService
      */
     public function handleLoginCallback(string $socialDriver, SocialUser $socialUser)
     {
+        $socialDriver = trim(strtolower($socialDriver));
         $socialId = $socialUser->getId();
 
         // Get any attached social accounts or users
@@ -154,21 +113,21 @@ class SocialAuthService
             $currentUser->socialAccounts()->save($account);
             session()->flash('success', trans('settings.users_social_connected', ['socialAccount' => $titleCaseDriver]));
 
-            return redirect($currentUser->getEditUrl());
+            return redirect('/my-account/auth#social_accounts');
         }
 
         // When a user is logged in and the social account exists and is already linked to the current user.
         if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id === $currentUser->id) {
             session()->flash('error', trans('errors.social_account_existing', ['socialAccount' => $titleCaseDriver]));
 
-            return redirect($currentUser->getEditUrl());
+            return redirect('/my-account/auth#social_accounts');
         }
 
         // When a user is logged in, A social account exists but the users do not match.
         if ($isLoggedIn && $socialAccount !== null && $socialAccount->user->id != $currentUser->id) {
             session()->flash('error', trans('errors.social_account_already_used_existing', ['socialAccount' => $titleCaseDriver]));
 
-            return redirect($currentUser->getEditUrl());
+            return redirect('/my-account/auth#social_accounts');
         }
 
         // Otherwise let the user know this social account is not used by anyone.
@@ -181,75 +140,11 @@ class SocialAuthService
     }
 
     /**
-     * Ensure the social driver is correct and supported.
-     *
-     * @throws SocialDriverNotConfigured
+     * Get the social driver manager used by this service.
      */
-    protected function validateDriver(string $socialDriver): string
+    public function drivers(): SocialDriverManager
     {
-        $driver = trim(strtolower($socialDriver));
-
-        if (!in_array($driver, $this->validSocialDrivers)) {
-            abort(404, trans('errors.social_driver_not_found'));
-        }
-
-        if (!$this->checkDriverConfigured($driver)) {
-            throw new SocialDriverNotConfigured(trans('errors.social_driver_not_configured', ['socialAccount' => Str::title($socialDriver)]));
-        }
-
-        return $driver;
-    }
-
-    /**
-     * Check a social driver has been configured correctly.
-     */
-    protected function checkDriverConfigured(string $driver): bool
-    {
-        $lowerName = strtolower($driver);
-        $configPrefix = 'services.' . $lowerName . '.';
-        $config = [config($configPrefix . 'client_id'), config($configPrefix . 'client_secret'), config('services.callback_url')];
-
-        return !in_array(false, $config) && !in_array(null, $config);
-    }
-
-    /**
-     * Gets the names of the active social drivers.
-     */
-    public function getActiveDrivers(): array
-    {
-        $activeDrivers = [];
-
-        foreach ($this->validSocialDrivers as $driverKey) {
-            if ($this->checkDriverConfigured($driverKey)) {
-                $activeDrivers[$driverKey] = $this->getDriverName($driverKey);
-            }
-        }
-
-        return $activeDrivers;
-    }
-
-    /**
-     * Get the presentational name for a driver.
-     */
-    public function getDriverName(string $driver): string
-    {
-        return config('services.' . strtolower($driver) . '.name');
-    }
-
-    /**
-     * Check if the current config for the given driver allows auto-registration.
-     */
-    public function driverAutoRegisterEnabled(string $driver): bool
-    {
-        return config('services.' . strtolower($driver) . '.auto_register') === true;
-    }
-
-    /**
-     * Check if the current config for the given driver allow email address auto-confirmation.
-     */
-    public function driverAutoConfirmEmailEnabled(string $driver): bool
-    {
-        return config('services.' . strtolower($driver) . '.auto_confirm') === true;
+        return $this->driverManager;
     }
 
     /**
@@ -283,33 +178,8 @@ class SocialAuthService
             $driver->with(['prompt' => 'select_account']);
         }
 
-        if (isset($this->configureForRedirectCallbacks[$driverName])) {
-            $this->configureForRedirectCallbacks[$driverName]($driver);
-        }
+        $this->driverManager->getConfigureForRedirectCallback($driverName)($driver);
 
         return $driver;
     }
-
-    /**
-     * Add a custom socialite driver to be used.
-     * Driver name should be lower_snake_case.
-     * Config array should mirror the structure of a service
-     * within the `Config/services.php` file.
-     * Handler should be a Class@method handler to the SocialiteWasCalled event.
-     */
-    public function addSocialDriver(
-        string $driverName,
-        array $config,
-        string $socialiteHandler,
-        callable $configureForRedirect = null
-    ) {
-        $this->validSocialDrivers[] = $driverName;
-        config()->set('services.' . $driverName, $config);
-        config()->set('services.' . $driverName . '.redirect', url('/login/service/' . $driverName . '/callback'));
-        config()->set('services.' . $driverName . '.name', $config['name'] ?? $driverName);
-        Event::listen(SocialiteWasCalled::class, $socialiteHandler);
-        if (!is_null($configureForRedirect)) {
-            $this->configureForRedirectCallbacks[$driverName] = $configureForRedirect;
-        }
-    }
 }

app/Access/SocialDriverManager.php

@@ -0,0 +1,147 @@
+<?php
+
+namespace BookStack\Access;
+
+use BookStack\Exceptions\SocialDriverNotConfigured;
+use Illuminate\Support\Facades\Event;
+use Illuminate\Support\Str;
+use SocialiteProviders\Manager\SocialiteWasCalled;
+
+class SocialDriverManager
+{
+    /**
+     * The default built-in social drivers we support.
+     *
+     * @var string[]
+     */
+    protected array $validDrivers = [
+        'google',
+        'github',
+        'facebook',
+        'slack',
+        'twitter',
+        'azure',
+        'okta',
+        'gitlab',
+        'twitch',
+        'discord',
+    ];
+
+    /**
+     * Callbacks to run when configuring a social driver
+     * for an initial redirect action.
+     * Array is keyed by social driver name.
+     * Callbacks are passed an instance of the driver.
+     *
+     * @var array<string, callable>
+     */
+    protected array $configureForRedirectCallbacks = [];
+
+    /**
+     * Check if the current config for the given driver allows auto-registration.
+     */
+    public function isAutoRegisterEnabled(string $driver): bool
+    {
+        return $this->getDriverConfigProperty($driver, 'auto_register') === true;
+    }
+
+    /**
+     * Check if the current config for the given driver allow email address auto-confirmation.
+     */
+    public function isAutoConfirmEmailEnabled(string $driver): bool
+    {
+        return $this->getDriverConfigProperty($driver, 'auto_confirm') === true;
+    }
+
+    /**
+     * Gets the names of the active social drivers, keyed by driver id.
+     * @returns array<string, string>
+     */
+    public function getActive(): array
+    {
+        $activeDrivers = [];
+
+        foreach ($this->validDrivers as $driverKey) {
+            if ($this->checkDriverConfigured($driverKey)) {
+                $activeDrivers[$driverKey] = $this->getName($driverKey);
+            }
+        }
+
+        return $activeDrivers;
+    }
+
+    /**
+     * Get the configure-for-redirect callback for the given driver.
+     * This is a callable that allows modification of the driver at redirect time.
+     * Commonly used to perform custom dynamic configuration where required.
+     * The callback is passed a \Laravel\Socialite\Contracts\Provider instance.
+     */
+    public function getConfigureForRedirectCallback(string $driver): callable
+    {
+        return $this->configureForRedirectCallbacks[$driver] ?? (fn() => true);
+    }
+
+    /**
+     * Add a custom socialite driver to be used.
+     * Driver name should be lower_snake_case.
+     * Config array should mirror the structure of a service
+     * within the `Config/services.php` file.
+     * Handler should be a Class@method handler to the SocialiteWasCalled event.
+     */
+    public function addSocialDriver(
+        string $driverName,
+        array $config,
+        string $socialiteHandler,
+        callable $configureForRedirect = null
+    ) {
+        $this->validDrivers[] = $driverName;
+        config()->set('services.' . $driverName, $config);
+        config()->set('services.' . $driverName . '.redirect', url('/login/service/' . $driverName . '/callback'));
+        config()->set('services.' . $driverName . '.name', $config['name'] ?? $driverName);
+        Event::listen(SocialiteWasCalled::class, $socialiteHandler);
+        if (!is_null($configureForRedirect)) {
+            $this->configureForRedirectCallbacks[$driverName] = $configureForRedirect;
+        }
+    }
+
+    /**
+     * Get the presentational name for a driver.
+     */
+    protected function getName(string $driver): string
+    {
+        return $this->getDriverConfigProperty($driver, 'name') ?? '';
+    }
+
+    protected function getDriverConfigProperty(string $driver, string $property): mixed
+    {
+        return config("services.{$driver}.{$property}");
+    }
+
+    /**
+     * Ensure the social driver is correct and supported.
+     *
+     * @throws SocialDriverNotConfigured
+     */
+    public function ensureDriverActive(string $driverName): void
+    {
+        if (!in_array($driverName, $this->validDrivers)) {
+            abort(404, trans('errors.social_driver_not_found'));
+        }
+
+        if (!$this->checkDriverConfigured($driverName)) {
+            throw new SocialDriverNotConfigured(trans('errors.social_driver_not_configured', ['socialAccount' => Str::title($driverName)]));
+        }
+    }
+
+    /**
+     * Check a social driver has been configured correctly.
+     */
+    protected function checkDriverConfigured(string $driver): bool
+    {
+        $lowerName = strtolower($driver);
+        $configPrefix = 'services.' . $lowerName . '.';
+        $config = [config($configPrefix . 'client_id'), config($configPrefix . 'client_secret'), config('services.callback_url')];
+
+        return !in_array(false, $config) && !in_array(null, $config);
+    }
+}

app/Access/UserInviteService.php

@@ -2,7 +2,7 @@
 
 namespace BookStack\Access;
 
-use BookStack\Notifications\UserInvite;
+use BookStack\Access\Notifications\UserInviteNotification;
 use BookStack\Users\Models\User;
 
 class UserInviteService extends UserTokenService
@@ -18,6 +18,6 @@ class UserInviteService extends UserTokenService
     {
         $this->deleteByUser($user);
         $token = $this->createTokenForUser($user);
-        $user->notify(new UserInvite($token));
+        $user->notify(new UserInviteNotification($token));
     }
 }

app/Activity/Controllers/FavouriteController.php

@@ -2,15 +2,18 @@
 
 namespace BookStack\Activity\Controllers;
 
-use BookStack\Activity\Models\Favouritable;
-use BookStack\App\Model;
-use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Queries\TopFavourites;
+use BookStack\Entities\Tools\MixedEntityRequestHelper;
 use BookStack\Http\Controller;
 use Illuminate\Http\Request;
 
 class FavouriteController extends Controller
 {
+    public function __construct(
+        protected MixedEntityRequestHelper $entityHelper,
+    ) {
+    }
+
     /**
      * Show a listing of all favourite items for the current user.
      */
@@ -36,16 +39,17 @@ class FavouriteController extends Controller
      */
     public function add(Request $request)
     {
-        $favouritable = $this->getValidatedModelFromRequest($request);
-        $favouritable->favourites()->firstOrCreate([
+        $modelInfo = $this->validate($request, $this->entityHelper->validationRules());
+        $entity = $this->entityHelper->getVisibleEntityFromRequestData($modelInfo);
+        $entity->favourites()->firstOrCreate([
             'user_id' => user()->id,
         ]);
 
         $this->showSuccessNotification(trans('activities.favourite_add_notification', [
-            'name' => $favouritable->name,
+            'name' => $entity->name,
         ]));
 
-        return redirect()->back();
+        return redirect($entity->getUrl());
     }
 
     /**
@@ -53,48 +57,16 @@ class FavouriteController extends Controller
      */
     public function remove(Request $request)
     {
-        $favouritable = $this->getValidatedModelFromRequest($request);
-        $favouritable->favourites()->where([
+        $modelInfo = $this->validate($request, $this->entityHelper->validationRules());
+        $entity = $this->entityHelper->getVisibleEntityFromRequestData($modelInfo);
+        $entity->favourites()->where([
             'user_id' => user()->id,
         ])->delete();
 
         $this->showSuccessNotification(trans('activities.favourite_remove_notification', [
-            'name' => $favouritable->name,
+            'name' => $entity->name,
         ]));
 
-        return redirect()->back();
-    }
-
-    /**
-     * @throws \Illuminate\Validation\ValidationException
-     * @throws \Exception
-     */
-    protected function getValidatedModelFromRequest(Request $request): Entity
-    {
-        $modelInfo = $this->validate($request, [
-            'type' => ['required', 'string'],
-            'id'   => ['required', 'integer'],
-        ]);
-
-        if (!class_exists($modelInfo['type'])) {
-            throw new \Exception('Model not found');
-        }
-
-        /** @var Model $model */
-        $model = new $modelInfo['type']();
-        if (!$model instanceof Favouritable) {
-            throw new \Exception('Model not favouritable');
-        }
-
-        $modelInstance = $model->newQuery()
-            ->where('id', '=', $modelInfo['id'])
-            ->first(['id', 'name', 'owned_by']);
-
-        $inaccessibleEntity = ($modelInstance instanceof Entity && !userCan('view', $modelInstance));
-        if (is_null($modelInstance) || $inaccessibleEntity) {
-            throw new \Exception('Model instance not found');
-        }
-
-        return $modelInstance;
+        return redirect($entity->getUrl());
     }
 }

app/Activity/Controllers/WatchController.php

@@ -3,63 +3,27 @@
 namespace BookStack\Activity\Controllers;
 
 use BookStack\Activity\Tools\UserEntityWatchOptions;
-use BookStack\App\Model;
-use BookStack\Entities\Models\Entity;
+use BookStack\Entities\Tools\MixedEntityRequestHelper;
 use BookStack\Http\Controller;
-use Exception;
 use Illuminate\Http\Request;
-use Illuminate\Validation\ValidationException;
 
 class WatchController extends Controller
 {
-    public function update(Request $request)
+    public function update(Request $request, MixedEntityRequestHelper $entityHelper)
     {
         $this->checkPermission('receive-notifications');
         $this->preventGuestAccess();
 
-        $requestData = $this->validate($request, [
+        $requestData = $this->validate($request, array_merge([
             'level' => ['required', 'string'],
-        ]);
+        ], $entityHelper->validationRules()));
 
-        $watchable = $this->getValidatedModelFromRequest($request);
+        $watchable = $entityHelper->getVisibleEntityFromRequestData($requestData);
         $watchOptions = new UserEntityWatchOptions(user(), $watchable);
         $watchOptions->updateLevelByName($requestData['level']);
 
         $this->showSuccessNotification(trans('activities.watch_update_level_notification'));
 
-        return redirect()->back();
-    }
-
-    /**
-     * @throws ValidationException
-     * @throws Exception
-     */
-    protected function getValidatedModelFromRequest(Request $request): Entity
-    {
-        $modelInfo = $this->validate($request, [
-            'type' => ['required', 'string'],
-            'id'   => ['required', 'integer'],
-        ]);
-
-        if (!class_exists($modelInfo['type'])) {
-            throw new Exception('Model not found');
-        }
-
-        /** @var Model $model */
-        $model = new $modelInfo['type']();
-        if (!$model instanceof Entity) {
-            throw new Exception('Model not an entity');
-        }
-
-        $modelInstance = $model->newQuery()
-            ->where('id', '=', $modelInfo['id'])
-            ->first(['id', 'name', 'owned_by']);
-
-        $inaccessibleEntity = ($modelInstance instanceof Entity && !userCan('view', $modelInstance));
-        if (is_null($modelInstance) || $inaccessibleEntity) {
-            throw new Exception('Model instance not found');
-        }
-
-        return $modelInstance;
+        return redirect($watchable->getUrl());
     }
 }

app/Activity/DispatchWebhookJob.php

@@ -6,6 +6,7 @@ use BookStack\Activity\Models\Loggable;
 use BookStack\Activity\Models\Webhook;
 use BookStack\Activity\Tools\WebhookFormatter;
 use BookStack\Facades\Theme;
+use BookStack\Http\HttpRequestService;
 use BookStack\Theming\ThemeEvents;
 use BookStack\Users\Models\User;
 use BookStack\Util\SsrUrlValidator;
@@ -14,7 +15,6 @@ use Illuminate\Contracts\Queue\ShouldQueue;
 use Illuminate\Foundation\Bus\Dispatchable;
 use Illuminate\Queue\InteractsWithQueue;
 use Illuminate\Queue\SerializesModels;
-use Illuminate\Support\Facades\Http;
 use Illuminate\Support\Facades\Log;
 
 class DispatchWebhookJob implements ShouldQueue
@@ -49,25 +49,28 @@ class DispatchWebhookJob implements ShouldQueue
      *
      * @return void
      */
-    public function handle()
+    public function handle(HttpRequestService $http)
     {
         $lastError = null;
 
         try {
             (new SsrUrlValidator())->ensureAllowed($this->webhook->endpoint);
 
-            $response = Http::asJson()
-                ->withOptions(['allow_redirects' => ['strict' => true]])
-                ->timeout($this->webhook->timeout)
-                ->post($this->webhook->endpoint, $this->webhookData);
-        } catch (\Exception $exception) {
-            $lastError = $exception->getMessage();
-            Log::error("Webhook call to endpoint {$this->webhook->endpoint} failed with error \"{$lastError}\"");
-        }
+            $client = $http->buildClient($this->webhook->timeout, [
+                'connect_timeout' => 10,
+                'allow_redirects' => ['strict' => true],
+            ]);
 
-        if (isset($response) && $response->failed()) {
-            $lastError = "Response status from endpoint was {$response->status()}";
-            Log::error("Webhook call to endpoint {$this->webhook->endpoint} failed with status {$response->status()}");
+            $response = $client->sendRequest($http->jsonRequest('POST', $this->webhook->endpoint, $this->webhookData));
+            $statusCode = $response->getStatusCode();
+
+            if ($statusCode >= 400) {
+                $lastError = "Response status from endpoint was {$statusCode}";
+                Log::error("Webhook call to endpoint {$this->webhook->endpoint} failed with status {$statusCode}");
+            }
+        } catch (\Exception $error) {
+            $lastError = $error->getMessage();
+            Log::error("Webhook call to endpoint {$this->webhook->endpoint} failed with error \"{$lastError}\"");
         }
 
         $this->webhook->last_called_at = now();

app/Activity/Models/Activity.php

@@ -9,6 +9,7 @@ use BookStack\Users\Models\User;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Database\Eloquent\Relations\MorphTo;
+use Illuminate\Support\Carbon;
 use Illuminate\Support\Str;
 
 /**

app/Activity/Models/Comment.php

@@ -12,10 +12,12 @@ use Illuminate\Database\Eloquent\Relations\MorphTo;
  * @property int      $id
  * @property string   $text
  * @property string   $html
- * @property int|null $parent_id
+ * @property int|null $parent_id  - Relates to local_id, not id
  * @property int      $local_id
  * @property string   $entity_type
  * @property int      $entity_id
+ * @property int      $created_by
+ * @property int      $updated_by
  */
 class Comment extends Model implements Loggable
 {
@@ -38,7 +40,9 @@ class Comment extends Model implements Loggable
      */
     public function parent(): BelongsTo
     {
-        return $this->belongsTo(Comment::class);
+        return $this->belongsTo(Comment::class, 'parent_id', 'local_id', 'parent')
+            ->where('entity_type', '=', $this->entity_type)
+            ->where('entity_id', '=', $this->entity_id);
     }
 
     /**

app/Activity/Models/View.php

@@ -41,7 +41,7 @@ class View extends Model
     public static function incrementFor(Viewable $viewable): int
     {
         $user = user();
-        if (is_null($user) || $user->isDefault()) {
+        if ($user->isGuest()) {
             return 0;
         }
 

app/Activity/Notifications/MessageParts/EntityLinkMessageLine.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace BookStack\Activity\Notifications\MessageParts;
+
+use BookStack\Entities\Models\Entity;
+use Illuminate\Contracts\Support\Htmlable;
+use Stringable;
+
+/**
+ * A link to a specific entity in the system, with the text showing its name.
+ */
+class EntityLinkMessageLine implements Htmlable, Stringable
+{
+    public function __construct(
+        protected Entity $entity,
+        protected int $nameLength = 120,
+    ) {
+    }
+
+    public function toHtml(): string
+    {
+        return '<a href="' . e($this->entity->getUrl()) . '">' . e($this->entity->getShortName($this->nameLength)) . '</a>';
+    }
+
+    public function __toString(): string
+    {
+        return "{$this->entity->getShortName($this->nameLength)} ({$this->entity->getUrl()})";
+    }
+}

app/Activity/Notifications/MessageParts/EntityPathMessageLine.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace BookStack\Activity\Notifications\MessageParts;
+
+use BookStack\Entities\Models\Entity;
+use Illuminate\Contracts\Support\Htmlable;
+use Stringable;
+
+/**
+ * A link to a specific entity in the system, with the text showing its name.
+ */
+class EntityPathMessageLine implements Htmlable, Stringable
+{
+    /**
+     * @var EntityLinkMessageLine[]
+     */
+    protected array $entityLinks;
+
+    public function __construct(
+        protected array $entities
+    ) {
+        $this->entityLinks = array_map(fn (Entity $entity) => new EntityLinkMessageLine($entity, 24), $this->entities);
+    }
+
+    public function toHtml(): string
+    {
+        $entityHtmls = array_map(fn (EntityLinkMessageLine $line) => $line->toHtml(), $this->entityLinks);
+        return implode(' &gt; ', $entityHtmls);
+    }
+
+    public function __toString(): string
+    {
+        return implode(' > ', $this->entityLinks);
+    }
+}

app/Activity/Notifications/MessageParts/LinkedMailMessageLine.php

@@ -3,13 +3,14 @@
 namespace BookStack\Activity\Notifications\MessageParts;
 
 use Illuminate\Contracts\Support\Htmlable;
+use Stringable;
 
 /**
  * A line of text with linked text included, intended for use
  * in MailMessages. The line should have a ':link' placeholder for
  * where the link should be inserted within the line.
  */
-class LinkedMailMessageLine implements Htmlable
+class LinkedMailMessageLine implements Htmlable, Stringable
 {
     public function __construct(
         protected string $url,
@@ -23,4 +24,10 @@ class LinkedMailMessageLine implements Htmlable
         $link = '<a href="' . e($this->url) . '">' . e($this->linkText) . '</a>';
         return str_replace(':link', $link, e($this->line));
     }
+
+    public function __toString(): string
+    {
+        $link = "{$this->linkText} ({$this->url})";
+        return str_replace(':link', $link, $this->line);
+    }
 }

app/Activity/Notifications/MessageParts/ListMessageLine.php

@@ -3,12 +3,13 @@
 namespace BookStack\Activity\Notifications\MessageParts;
 
 use Illuminate\Contracts\Support\Htmlable;
+use Stringable;
 
 /**
  * A bullet point list of content, where the keys of the given list array
  * are bolded header elements, and the values follow.
  */
-class ListMessageLine implements Htmlable
+class ListMessageLine implements Htmlable, Stringable
 {
     public function __construct(
         protected array $list
@@ -23,4 +24,13 @@ class ListMessageLine implements Htmlable
         }
         return implode("<br>\n", $list);
     }
+
+    public function __toString(): string
+    {
+        $list = [];
+        foreach ($this->list as $header => $content) {
+            $list[] = $header . ' ' . $content;
+        }
+        return implode("\n", $list);
+    }
 }

app/Activity/Notifications/Messages/BaseActivityNotification.php

@@ -3,13 +3,17 @@
 namespace BookStack\Activity\Notifications\Messages;
 
 use BookStack\Activity\Models\Loggable;
+use BookStack\Activity\Notifications\MessageParts\EntityPathMessageLine;
 use BookStack\Activity\Notifications\MessageParts\LinkedMailMessageLine;
+use BookStack\App\MailNotification;
+use BookStack\Entities\Models\Entity;
+use BookStack\Entities\Models\Page;
+use BookStack\Permissions\PermissionApplicator;
+use BookStack\Translation\LocaleDefinition;
 use BookStack\Users\Models\User;
 use Illuminate\Bus\Queueable;
-use Illuminate\Notifications\Messages\MailMessage;
-use Illuminate\Notifications\Notification;
 
-abstract class BaseActivityNotification extends Notification
+abstract class BaseActivityNotification extends MailNotification
 {
     use Queueable;
 
@@ -19,22 +23,6 @@ abstract class BaseActivityNotification extends Notification
     ) {
     }
 
-    /**
-     * Get the notification's delivery channels.
-     *
-     * @param  mixed  $notifiable
-     * @return array
-     */
-    public function via($notifiable)
-    {
-        return ['mail'];
-    }
-
-    /**
-     * Get the mail representation of the notification.
-     */
-    abstract public function toMail(mixed $notifiable): MailMessage;
-
     /**
      * Get the array representation of the notification.
      *
@@ -52,12 +40,28 @@ abstract class BaseActivityNotification extends Notification
     /**
      * Build the common reason footer line used in mail messages.
      */
-    protected function buildReasonFooterLine(): LinkedMailMessageLine
+    protected function buildReasonFooterLine(LocaleDefinition $locale): LinkedMailMessageLine
     {
         return new LinkedMailMessageLine(
             url('/preferences/notifications'),
-            trans('notifications.footer_reason'),
-            trans('notifications.footer_reason_link'),
+            $locale->trans('notifications.footer_reason'),
+            $locale->trans('notifications.footer_reason_link'),
         );
     }
+
+    /**
+     * Build a line which provides the book > chapter path to a page.
+     * Takes into account visibility of these parent items.
+     * Returns null if no path items can be used.
+     */
+    protected function buildPagePathLine(Page $page, User $notifiable): ?EntityPathMessageLine
+    {
+        $permissions = new PermissionApplicator($notifiable);
+
+        $path = array_filter([$page->book, $page->chapter], function (?Entity $entity) use ($permissions) {
+            return !is_null($entity) && $permissions->checkOwnableUserAccess($entity, 'view');
+        });
+
+        return empty($path) ? null : new EntityPathMessageLine($path);
+    }
 }

app/Activity/Notifications/Messages/CommentCreationNotification.php

@@ -3,28 +3,35 @@
 namespace BookStack\Activity\Notifications\Messages;
 
 use BookStack\Activity\Models\Comment;
+use BookStack\Activity\Notifications\MessageParts\EntityLinkMessageLine;
 use BookStack\Activity\Notifications\MessageParts\ListMessageLine;
 use BookStack\Entities\Models\Page;
+use BookStack\Users\Models\User;
 use Illuminate\Notifications\Messages\MailMessage;
 
 class CommentCreationNotification extends BaseActivityNotification
 {
-    public function toMail(mixed $notifiable): MailMessage
+    public function toMail(User $notifiable): MailMessage
     {
         /** @var Comment $comment */
         $comment = $this->detail;
         /** @var Page $page */
         $page = $comment->entity;
 
-        return (new MailMessage())
-            ->subject(trans('notifications.new_comment_subject', ['pageName' => $page->getShortName()]))
-            ->line(trans('notifications.new_comment_intro', ['appName' => setting('app-name')]))
-            ->line(new ListMessageLine([
-                trans('notifications.detail_page_name') => $page->name,
-                trans('notifications.detail_commenter') => $this->user->name,
-                trans('notifications.detail_comment') => strip_tags($comment->html),
-            ]))
-            ->action(trans('notifications.action_view_comment'), $page->getUrl('#comment' . $comment->local_id))
-            ->line($this->buildReasonFooterLine());
+        $locale = $notifiable->getLocale();
+
+        $listLines = array_filter([
+            $locale->trans('notifications.detail_page_name') => new EntityLinkMessageLine($page),
+            $locale->trans('notifications.detail_page_path') => $this->buildPagePathLine($page, $notifiable),
+            $locale->trans('notifications.detail_commenter') => $this->user->name,
+            $locale->trans('notifications.detail_comment') => strip_tags($comment->html),
+        ]);
+
+        return $this->newMailMessage($locale)
+            ->subject($locale->trans('notifications.new_comment_subject', ['pageName' => $page->getShortName()]))
+            ->line($locale->trans('notifications.new_comment_intro', ['appName' => setting('app-name')]))
+            ->line(new ListMessageLine($listLines))
+            ->action($locale->trans('notifications.action_view_comment'), $page->getUrl('#comment' . $comment->local_id))
+            ->line($this->buildReasonFooterLine($locale));
     }
 }

app/Activity/Notifications/Messages/PageCreationNotification.php

@@ -2,25 +2,32 @@
 
 namespace BookStack\Activity\Notifications\Messages;
 
+use BookStack\Activity\Notifications\MessageParts\EntityLinkMessageLine;
 use BookStack\Activity\Notifications\MessageParts\ListMessageLine;
 use BookStack\Entities\Models\Page;
+use BookStack\Users\Models\User;
 use Illuminate\Notifications\Messages\MailMessage;
 
 class PageCreationNotification extends BaseActivityNotification
 {
-    public function toMail(mixed $notifiable): MailMessage
+    public function toMail(User $notifiable): MailMessage
     {
         /** @var Page $page */
         $page = $this->detail;
 
-        return (new MailMessage())
-            ->subject(trans('notifications.new_page_subject', ['pageName' => $page->getShortName()]))
-            ->line(trans('notifications.new_page_intro', ['appName' => setting('app-name')]))
-            ->line(new ListMessageLine([
-                trans('notifications.detail_page_name') => $page->name,
-                trans('notifications.detail_created_by') => $this->user->name,
-            ]))
-            ->action(trans('notifications.action_view_page'), $page->getUrl())
-            ->line($this->buildReasonFooterLine());
+        $locale = $notifiable->getLocale();
+
+        $listLines = array_filter([
+            $locale->trans('notifications.detail_page_name') => new EntityLinkMessageLine($page),
+            $locale->trans('notifications.detail_page_path') => $this->buildPagePathLine($page, $notifiable),
+            $locale->trans('notifications.detail_created_by') => $this->user->name,
+        ]);
+
+        return $this->newMailMessage($locale)
+            ->subject($locale->trans('notifications.new_page_subject', ['pageName' => $page->getShortName()]))
+            ->line($locale->trans('notifications.new_page_intro', ['appName' => setting('app-name')]))
+            ->line(new ListMessageLine($listLines))
+            ->action($locale->trans('notifications.action_view_page'), $page->getUrl())
+            ->line($this->buildReasonFooterLine($locale));
     }
 }

app/Activity/Notifications/Messages/PageUpdateNotification.php

@@ -2,26 +2,33 @@
 
 namespace BookStack\Activity\Notifications\Messages;
 
+use BookStack\Activity\Notifications\MessageParts\EntityLinkMessageLine;
 use BookStack\Activity\Notifications\MessageParts\ListMessageLine;
 use BookStack\Entities\Models\Page;
+use BookStack\Users\Models\User;
 use Illuminate\Notifications\Messages\MailMessage;
 
 class PageUpdateNotification extends BaseActivityNotification
 {
-    public function toMail(mixed $notifiable): MailMessage
+    public function toMail(User $notifiable): MailMessage
     {
         /** @var Page $page */
         $page = $this->detail;
 
-        return (new MailMessage())
-            ->subject(trans('notifications.updated_page_subject', ['pageName' => $page->getShortName()]))
-            ->line(trans('notifications.updated_page_intro', ['appName' => setting('app-name')]))
-            ->line(new ListMessageLine([
-                trans('notifications.detail_page_name') => $page->name,
-                trans('notifications.detail_updated_by') => $this->user->name,
-            ]))
-            ->line(trans('notifications.updated_page_debounce'))
-            ->action(trans('notifications.action_view_page'), $page->getUrl())
-            ->line($this->buildReasonFooterLine());
+        $locale = $notifiable->getLocale();
+
+        $listLines = array_filter([
+            $locale->trans('notifications.detail_page_name') => new EntityLinkMessageLine($page),
+            $locale->trans('notifications.detail_page_path') => $this->buildPagePathLine($page, $notifiable),
+            $locale->trans('notifications.detail_updated_by') => $this->user->name,
+        ]);
+
+        return $this->newMailMessage($locale)
+            ->subject($locale->trans('notifications.updated_page_subject', ['pageName' => $page->getShortName()]))
+            ->line($locale->trans('notifications.updated_page_intro', ['appName' => setting('app-name')]))
+            ->line(new ListMessageLine($listLines))
+            ->line($locale->trans('notifications.updated_page_debounce'))
+            ->action($locale->trans('notifications.action_view_page'), $page->getUrl())
+            ->line($this->buildReasonFooterLine($locale));
     }
 }

app/Activity/Tools/UserEntityWatchOptions.php

@@ -22,7 +22,7 @@ class UserEntityWatchOptions
 
     public function canWatch(): bool
     {
-        return $this->user->can('receive-notifications') && !$this->user->isDefault();
+        return $this->user->can('receive-notifications') && !$this->user->isGuest();
     }
 
     public function getWatchLevel(): string

app/Api/ApiDocsController.php

@@ -31,6 +31,8 @@ class ApiDocsController extends ApiController
 
     /**
      * Redirect to the API docs page.
+     *  Required as a controller method, instead of the Route::redirect helper,
+     *  to ensure the URL is generated correctly.
      */
     public function redirect()
     {

app/Api/ApiToken.php

@@ -52,4 +52,12 @@ class ApiToken extends Model implements Loggable
     {
         return "({$this->id}) {$this->name}; User: {$this->user->logDescriptor()}";
     }
+
+    /**
+     * Get the URL for managing this token.
+     */
+    public function getUrl(string $path = ''): string
+    {
+        return url("/api-tokens/{$this->user_id}/{$this->id}/" . trim($path, '/'));
+    }
 }

app/Api/UserApiTokenController.php

@@ -14,16 +14,19 @@ class UserApiTokenController extends Controller
     /**
      * Show the form to create a new API token.
      */
-    public function create(int $userId)
+    public function create(Request $request, int $userId)
     {
-        // Ensure user is has access-api permission and is the current user or has permission to manage the current user.
         $this->checkPermission('access-api');
         $this->checkPermissionOrCurrentUser('users-manage', $userId);
+        $this->updateContext($request);
 
         $user = User::query()->findOrFail($userId);
 
+        $this->setPageTitle(trans('settings.user_api_token_create'));
+
         return view('users.api-tokens.create', [
             'user' => $user,
+            'back' => $this->getRedirectPath($user),
         ]);
     }
 
@@ -60,22 +63,27 @@ class UserApiTokenController extends Controller
         session()->flash('api-token-secret:' . $token->id, $secret);
         $this->logActivity(ActivityType::API_TOKEN_CREATE, $token);
 
-        return redirect($user->getEditUrl('/api-tokens/' . $token->id));
+        return redirect($token->getUrl());
     }
 
     /**
      * Show the details for a user API token, with access to edit.
      */
-    public function edit(int $userId, int $tokenId)
+    public function edit(Request $request, int $userId, int $tokenId)
     {
+        $this->updateContext($request);
+
         [$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
         $secret = session()->pull('api-token-secret:' . $token->id, null);
 
+        $this->setPageTitle(trans('settings.user_api_token'));
+
         return view('users.api-tokens.edit', [
             'user'   => $user,
             'token'  => $token,
             'model'  => $token,
             'secret' => $secret,
+            'back' => $this->getRedirectPath($user),
         ]);
     }
 
@@ -97,7 +105,7 @@ class UserApiTokenController extends Controller
 
         $this->logActivity(ActivityType::API_TOKEN_UPDATE, $token);
 
-        return redirect($user->getEditUrl('/api-tokens/' . $token->id));
+        return redirect($token->getUrl());
     }
 
     /**
@@ -107,6 +115,8 @@ class UserApiTokenController extends Controller
     {
         [$user, $token] = $this->checkPermissionAndFetchUserToken($userId, $tokenId);
 
+        $this->setPageTitle(trans('settings.user_api_token_delete'));
+
         return view('users.api-tokens.delete', [
             'user'  => $user,
             'token' => $token,
@@ -123,7 +133,7 @@ class UserApiTokenController extends Controller
 
         $this->logActivity(ActivityType::API_TOKEN_DELETE, $token);
 
-        return redirect($user->getEditUrl('#api_tokens'));
+        return redirect($this->getRedirectPath($user));
     }
 
     /**
@@ -142,4 +152,30 @@ class UserApiTokenController extends Controller
 
         return [$user, $token];
     }
+
+    /**
+     * Update the context for where the user is coming from to manage API tokens.
+     * (Track of location for correct return redirects)
+     */
+    protected function updateContext(Request $request): void
+    {
+        $context = $request->query('context');
+        if ($context) {
+            session()->put('api-token-context', $context);
+        }
+    }
+
+    /**
+     * Get the redirect path for the current api token editing session.
+     * Attempts to recall the context of where the user is editing from.
+     */
+    protected function getRedirectPath(User $relatedUser): string
+    {
+        $context = session()->get('api-token-context');
+        if ($context === 'settings' || user()->id !== $relatedUser->id) {
+            return $relatedUser->getEditUrl('#api_tokens');
+        }
+
+        return url('/my-account/auth#api_tokens');
+    }
 }

app/App/HomeController.php

@@ -78,14 +78,14 @@ class HomeController extends Controller
         }
 
         if ($homepageOption === 'bookshelves') {
-            $shelves = app(BookshelfRepo::class)->getAllPaginated(18, $commonData['listOptions']->getSort(), $commonData['listOptions']->getOrder());
+            $shelves = app()->make(BookshelfRepo::class)->getAllPaginated(18, $commonData['listOptions']->getSort(), $commonData['listOptions']->getOrder());
             $data = array_merge($commonData, ['shelves' => $shelves]);
 
             return view('home.shelves', $data);
         }
 
         if ($homepageOption === 'books') {
-            $books = app(BookRepo::class)->getAllPaginated(18, $commonData['listOptions']->getSort(), $commonData['listOptions']->getOrder());
+            $books = app()->make(BookRepo::class)->getAllPaginated(18, $commonData['listOptions']->getSort(), $commonData['listOptions']->getOrder());
             $data = array_merge($commonData, ['books' => $books]);
 
             return view('home.books', $data);
@@ -140,4 +140,12 @@ class HomeController extends Controller
         $exists = $favicons->restoreOriginalIfNotExists();
         return response()->file($exists ? $favicons->getPath() : $favicons->getOriginalPath());
     }
+
+    /**
+     * Serve a PWA application manifest.
+     */
+    public function pwaManifest(PwaManifestBuilder $manifestBuilder)
+    {
+        return response()->json($manifestBuilder->build());
+    }
 }

app/App/MailNotification.php

@@ -1,16 +1,23 @@
 <?php
 
-namespace BookStack\Notifications;
+namespace BookStack\App;
 
+use BookStack\Translation\LocaleDefinition;
+use BookStack\Users\Models\User;
 use Illuminate\Bus\Queueable;
 use Illuminate\Contracts\Queue\ShouldQueue;
 use Illuminate\Notifications\Messages\MailMessage;
 use Illuminate\Notifications\Notification;
 
-class MailNotification extends Notification implements ShouldQueue
+abstract class MailNotification extends Notification implements ShouldQueue
 {
     use Queueable;
 
+    /**
+     * Get the mail representation of the notification.
+     */
+    abstract public function toMail(User $notifiable): MailMessage;
+
     /**
      * Get the notification's channels.
      *
@@ -25,14 +32,14 @@ class MailNotification extends Notification implements ShouldQueue
 
     /**
      * Create a new mail message.
-     *
-     * @return MailMessage
      */
-    protected function newMailMessage()
+    protected function newMailMessage(?LocaleDefinition $locale = null): MailMessage
     {
+        $data = ['locale' => $locale ?? user()->getLocale()];
+
         return (new MailMessage())->view([
             'html' => 'vendor.notifications.email',
             'text' => 'vendor.notifications.email-plain',
-        ]);
+        ], $data);
     }
 }

app/App/Providers/AppServiceProvider.php

@@ -2,23 +2,22 @@
 
 namespace BookStack\App\Providers;
 
-use BookStack\Access\SocialAuthService;
+use BookStack\Access\SocialDriverManager;
 use BookStack\Activity\Tools\ActivityLogger;
 use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Bookshelf;
 use BookStack\Entities\Models\Chapter;
 use BookStack\Entities\Models\Page;
 use BookStack\Exceptions\BookStackExceptionHandlerPage;
+use BookStack\Http\HttpRequestService;
 use BookStack\Permissions\PermissionApplicator;
 use BookStack\Settings\SettingService;
 use BookStack\Util\CspService;
-use GuzzleHttp\Client;
 use Illuminate\Contracts\Foundation\ExceptionRenderer;
 use Illuminate\Database\Eloquent\Relations\Relation;
 use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\Facades\URL;
 use Illuminate\Support\ServiceProvider;
-use Psr\Http\Client\ClientInterface as HttpClientInterface;
 
 class AppServiceProvider extends ServiceProvider
 {
@@ -37,8 +36,9 @@ class AppServiceProvider extends ServiceProvider
     public $singletons = [
         'activity' => ActivityLogger::class,
         SettingService::class => SettingService::class,
-        SocialAuthService::class => SocialAuthService::class,
+        SocialDriverManager::class => SocialDriverManager::class,
         CspService::class => CspService::class,
+        HttpRequestService::class => HttpRequestService::class,
     ];
 
     /**
@@ -51,7 +51,7 @@ class AppServiceProvider extends ServiceProvider
         // Set root URL
         $appUrl = config('app.url');
         if ($appUrl) {
-            $isHttps = (strpos($appUrl, 'https://') === 0);
+            $isHttps = str_starts_with($appUrl, 'https://');
             URL::forceRootUrl($appUrl);
             URL::forceScheme($isHttps ? 'https' : 'http');
         }
@@ -75,12 +75,6 @@ class AppServiceProvider extends ServiceProvider
      */
     public function register()
     {
-        $this->app->bind(HttpClientInterface::class, function ($app) {
-            return new Client([
-                'timeout' => 3,
-            ]);
-        });
-
         $this->app->singleton(PermissionApplicator::class, function ($app) {
             return new PermissionApplicator(null);
         });

app/App/Providers/AuthServiceProvider.php

@@ -9,6 +9,7 @@ use BookStack\Access\LdapService;
 use BookStack\Access\LoginService;
 use BookStack\Access\RegistrationService;
 use BookStack\Api\ApiTokenGuard;
+use BookStack\Users\Models\User;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\ServiceProvider;
 use Illuminate\Validation\Rules\Password;
@@ -65,5 +66,11 @@ class AuthServiceProvider extends ServiceProvider
         Auth::provider('external-users', function ($app, array $config) {
             return new ExternalBaseUserProvider($config['model']);
         });
+
+        // Bind and provide the default system user as a singleton to the app instance when needed.
+        // This effectively "caches" fetching the user at an app-instance level.
+        $this->app->singleton('users.default', function () {
+            return User::query()->where('system_name', '=', 'public')->first();
+        });
     }
 }

app/App/Providers/EventServiceProvider.php

@@ -3,7 +3,12 @@
 namespace BookStack\App\Providers;
 
 use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
+use SocialiteProviders\Azure\AzureExtendSocialite;
+use SocialiteProviders\Discord\DiscordExtendSocialite;
+use SocialiteProviders\GitLab\GitLabExtendSocialite;
 use SocialiteProviders\Manager\SocialiteWasCalled;
+use SocialiteProviders\Okta\OktaExtendSocialite;
+use SocialiteProviders\Twitch\TwitchExtendSocialite;
 
 class EventServiceProvider extends ServiceProvider
 {
@@ -14,12 +19,11 @@ class EventServiceProvider extends ServiceProvider
      */
     protected $listen = [
         SocialiteWasCalled::class => [
-            'SocialiteProviders\Slack\SlackExtendSocialite@handle',
-            'SocialiteProviders\Azure\AzureExtendSocialite@handle',
-            'SocialiteProviders\Okta\OktaExtendSocialite@handle',
-            'SocialiteProviders\GitLab\GitLabExtendSocialite@handle',
-            'SocialiteProviders\Twitch\TwitchExtendSocialite@handle',
-            'SocialiteProviders\Discord\DiscordExtendSocialite@handle',
+            AzureExtendSocialite::class . '@handle',
+            OktaExtendSocialite::class . '@handle',
+            GitLabExtendSocialite::class . '@handle',
+            TwitchExtendSocialite::class . '@handle',
+            DiscordExtendSocialite::class . '@handle',
         ],
     ];
 

app/App/Providers/RouteServiceProvider.php

@@ -2,9 +2,12 @@
 
 namespace BookStack\App\Providers;
 
+use BookStack\Facades\Theme;
+use BookStack\Theming\ThemeEvents;
 use Illuminate\Cache\RateLimiting\Limit;
 use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
 use Illuminate\Http\Request;
+use Illuminate\Routing\Router;
 use Illuminate\Support\Facades\RateLimiter;
 use Illuminate\Support\Facades\Route;
 
@@ -46,8 +49,15 @@ class RouteServiceProvider extends ServiceProvider
         Route::group([
             'middleware' => 'web',
             'namespace'  => $this->namespace,
-        ], function ($router) {
+        ], function (Router $router) {
             require base_path('routes/web.php');
+            Theme::dispatch(ThemeEvents::ROUTES_REGISTER_WEB, $router);
+        });
+
+        Route::group([
+            'middleware' => ['web', 'auth'],
+        ], function (Router $router) {
+            Theme::dispatch(ThemeEvents::ROUTES_REGISTER_WEB_AUTH, $router);
         });
     }
 

app/App/Providers/ThemeServiceProvider.php

@@ -4,6 +4,7 @@ namespace BookStack\App\Providers;
 
 use BookStack\Theming\ThemeEvents;
 use BookStack\Theming\ThemeService;
+use Illuminate\Support\Facades\Route;
 use Illuminate\Support\ServiceProvider;
 
 class ThemeServiceProvider extends ServiceProvider

app/App/Providers/ViewTweaksServiceProvider.php

@@ -25,7 +25,7 @@ class ViewTweaksServiceProvider extends ServiceProvider
 
         // Custom blade view directives
         Blade::directive('icon', function ($expression) {
-            return "<?php echo icon($expression); ?>";
+            return "<?php echo (new \BookStack\Util\SvgIcon($expression))->toHtml(); ?>";
         });
     }
 }

app/App/PwaManifestBuilder.php

@@ -0,0 +1,64 @@
+<?php
+
+namespace BookStack\App;
+
+class PwaManifestBuilder
+{
+    public function build(): array
+    {
+        // Note, while we attempt to use the user's preference here, the request to the manifest
+        // does not start a session, so we won't have current user context.
+        // This was attempted but removed since manifest calls could affect user session
+        // history tracking and back redirection.
+        // Context: https://github.com/BookStackApp/BookStack/issues/4649
+        $darkMode = (bool) setting()->getForCurrentUser('dark-mode-enabled');
+        $appName = setting('app-name');
+
+        return [
+            "name" => $appName,
+            "short_name" => $appName,
+            "start_url" => "./",
+            "scope" => "/",
+            "display" => "standalone",
+            "background_color" => $darkMode ? '#111111' : '#F2F2F2',
+            "description" => $appName,
+            "theme_color" => ($darkMode ? setting('app-color-dark') : setting('app-color')),
+            "launch_handler" => [
+                "client_mode" => "focus-existing"
+            ],
+            "orientation" => "portrait",
+            "icons" => [
+                [
+                    "src" => setting('app-icon-32') ?: url('/icon-32.png'),
+                    "sizes" => "32x32",
+                    "type" => "image/png"
+                ],
+                [
+                    "src" => setting('app-icon-64') ?: url('/icon-64.png'),
+                    "sizes" => "64x64",
+                    "type" => "image/png"
+                ],
+                [
+                    "src" => setting('app-icon-128') ?: url('/icon-128.png'),
+                    "sizes" => "128x128",
+                    "type" => "image/png"
+                ],
+                [
+                    "src" => setting('app-icon-180') ?: url('/icon-180.png'),
+                    "sizes" => "180x180",
+                    "type" => "image/png"
+                ],
+                [
+                    "src" => setting('app-icon') ?: url('/icon.png'),
+                    "sizes" => "256x256",
+                    "type" => "image/png"
+                ],
+                [
+                    "src" => url('favicon.ico'),
+                    "sizes" => "48x48",
+                    "type" => "image/vnd.microsoft.icon"
+                ],
+            ],
+        ];
+    }
+}

app/App/helpers.php

@@ -35,23 +35,7 @@ function versioned_asset(string $file = ''): string
  */
 function user(): User
 {
-    return auth()->user() ?: User::getDefault();
-}
-
-/**
- * Check if current user is a signed in user.
- */
-function signedInUser(): bool
-{
-    return auth()->user() && !auth()->user()->isDefault();
-}
-
-/**
- * Check if the current user has general access.
- */
-function hasAppAccess(): bool
-{
-    return !auth()->guest() || setting('app-public');
+    return auth()->user() ?: User::getGuest();
 }
 
 /**
@@ -61,11 +45,11 @@ function hasAppAccess(): bool
 function userCan(string $permission, Model $ownable = null): bool
 {
     if ($ownable === null) {
-        return user() && user()->can($permission);
+        return user()->can($permission);
     }
 
     // Check permission on ownable item
-    $permissions = app(PermissionApplicator::class);
+    $permissions = app()->make(PermissionApplicator::class);
 
     return $permissions->checkOwnableUserAccess($ownable, $permission);
 }
@@ -76,7 +60,7 @@ function userCan(string $permission, Model $ownable = null): bool
  */
 function userCanOnAny(string $action, string $entityClass = ''): bool
 {
-    $permissions = app(PermissionApplicator::class);
+    $permissions = app()->make(PermissionApplicator::class);
 
     return $permissions->checkUserHasEntityPermissionOnAny($action, $entityClass);
 }
@@ -88,7 +72,7 @@ function userCanOnAny(string $action, string $entityClass = ''): bool
  */
 function setting(string $key = null, $default = null)
 {
-    $settingService = resolve(SettingService::class);
+    $settingService = app()->make(SettingService::class);
 
     if (is_null($key)) {
         return $settingService;
@@ -113,39 +97,6 @@ function theme_path(string $path = ''): ?string
     return base_path('themes/' . $theme . ($path ? DIRECTORY_SEPARATOR . $path : $path));
 }
 
-/**
- * Get fetch an SVG icon as a string.
- * Checks for icons defined within a custom theme before defaulting back
- * to the 'resources/assets/icons' folder.
- *
- * Returns an empty string if icon file not found.
- */
-function icon(string $name, array $attrs = []): string
-{
-    $attrs = array_merge([
-        'class'     => 'svg-icon',
-        'data-icon' => $name,
-        'role'      => 'presentation',
-    ], $attrs);
-    $attrString = ' ';
-    foreach ($attrs as $attrName => $attr) {
-        $attrString .= $attrName . '="' . $attr . '" ';
-    }
-
-    $iconPath = resource_path('icons/' . $name . '.svg');
-    $themeIconPath = theme_path('icons/' . $name . '.svg');
-
-    if ($themeIconPath && file_exists($themeIconPath)) {
-        $iconPath = $themeIconPath;
-    } elseif (!file_exists($iconPath)) {
-        return '';
-    }
-
-    $fileContents = file_get_contents($iconPath);
-
-    return  str_replace('<svg', '<svg' . $attrString, $fileContents);
-}
-
 /**
  * Generate a URL with multiple parameters for sorting purposes.
  * Works out the logic to set the correct sorting direction

app/Config/app.php

@@ -83,10 +83,10 @@ return [
     'timezone' => env('APP_TIMEZONE', 'UTC'),
 
     // Default locale to use
+    // A default variant is also stored since Laravel can overwrite
+    // app.locale when dynamically setting the locale in-app.
     'locale' => env('APP_LANG', 'en'),
-
-    // Locales available
-    'locales' => ['en', 'ar', 'bg', 'bs', 'ca', 'cs', 'cy', 'da', 'de', 'de_informal', 'el', 'es', 'es_AR', 'et', 'eu', 'fa', 'fr', 'he', 'hr', 'hu', 'id', 'it', 'ja', 'ka', 'ko', 'lt', 'lv', 'nl', 'nb', 'pt', 'pt_BR', 'sk', 'sl', 'sv', 'pl',  'ro', 'ru', 'tr', 'uk', 'uz', 'vi', 'zh_CN', 'zh_TW'],
+    'default_locale' => env('APP_LANG', 'en'),
 
     //  Application Fallback Locale
     'fallback_locale' => 'en',
@@ -94,9 +94,6 @@ return [
     // Faker Locale
     'faker_locale' => 'en_GB',
 
-    // Enable right-to-left text control.
-    'rtl' => false,
-
     // Auto-detect the locale for public users
     // For public users their locale can be guessed by headers sent by their
     // browser. This is usually set by users in their browser settings.
@@ -144,7 +141,6 @@ return [
         // Third party service providers
         Barryvdh\DomPDF\ServiceProvider::class,
         Barryvdh\Snappy\ServiceProvider::class,
-        Intervention\Image\ImageServiceProvider::class,
         SocialiteProviders\Manager\ServiceProvider::class,
 
         // BookStack custom service providers
@@ -164,9 +160,6 @@ return [
         // Laravel Packages
         'Socialite'    => Laravel\Socialite\Facades\Socialite::class,
 
-        // Third Party
-        'ImageTool' => Intervention\Image\Facades\Image::class,
-
         // Custom BookStack
         'Activity'    => BookStack\Facades\Activity::class,
         'Theme'       => BookStack\Facades\Theme::class,

app/Config/mail.php

@@ -22,7 +22,7 @@ return [
 
     // Global "From" address & name
     'from' => [
-        'address' => env('MAIL_FROM', 'mail@bookstackapp.com'),
+        'address' => env('MAIL_FROM', 'bookstack@example.com'),
         'name'    => env('MAIL_FROM_NAME', 'BookStack'),
     ],
 

app/Config/oidc.php

@@ -9,7 +9,7 @@ return [
     'dump_user_details' => env('OIDC_DUMP_USER_DETAILS', false),
 
     // Claim, within an OpenId token, to find the user's display name
-    'display_name_claims' => explode('|', env('OIDC_DISPLAY_NAME_CLAIMS', 'name')),
+    'display_name_claims' => env('OIDC_DISPLAY_NAME_CLAIMS', 'name'),
 
     // Claim, within an OpenID token, to use to connect a BookStack user to the OIDC user.
     'external_id_claim' => env('OIDC_EXTERNAL_ID_CLAIM', 'sub'),
@@ -36,6 +36,12 @@ return [
     'authorization_endpoint' => env('OIDC_AUTH_ENDPOINT', null),
     'token_endpoint'         => env('OIDC_TOKEN_ENDPOINT', null),
 
+    // OIDC RP-Initiated Logout endpoint URL.
+    // A false value force-disables RP-Initiated Logout.
+    // A true value gets the URL from discovery, if active.
+    // A string value is used as the URL.
+    'end_session_endpoint' => env('OIDC_END_SESSION_ENDPOINT', false),
+
     // Add extra scopes, upon those required, to the OIDC authentication request
     // Multiple values can be provided comma seperated.
     'additional_scopes' => env('OIDC_ADDITIONAL_SCOPES', null),
@@ -45,6 +51,6 @@ return [
     'user_to_groups' => env('OIDC_USER_TO_GROUPS', false),
     // Attribute, within a OIDC ID token, to find group names within
     'groups_claim' => env('OIDC_GROUPS_CLAIM', 'groups'),
-    // When syncing groups, remove any groups that no longer match. Otherwise sync only adds new groups.
+    // When syncing groups, remove any groups that no longer match. Otherwise, sync only adds new groups.
     'remove_from_groups' => env('OIDC_REMOVE_FROM_GROUPS', false),
 ];

app/Console/Commands/CleanupImagesCommand.php

@@ -35,7 +35,7 @@ class CleanupImagesCommand extends Command
 
         if (!$dryRun) {
             $this->warn("This operation is destructive and is not guaranteed to be fully accurate.\nEnsure you have a backup of your images.\n");
-            $proceed = $this->confirm("Are you sure you want to proceed?");
+            $proceed = !$this->input->isInteractive() || $this->confirm("Are you sure you want to proceed?");
             if (!$proceed) {
                 return 0;
             }
@@ -46,7 +46,7 @@ class CleanupImagesCommand extends Command
 
         if ($dryRun) {
             $this->comment('Dry run, no images have been deleted');
-            $this->comment($deleteCount . ' images found that would have been deleted');
+            $this->comment($deleteCount . ' image(s) found that would have been deleted');
             $this->showDeletedImages($deleted);
             $this->comment('Run with -f or --force to perform deletions');
 
@@ -54,7 +54,8 @@ class CleanupImagesCommand extends Command
         }
 
         $this->showDeletedImages($deleted);
-        $this->comment($deleteCount . ' images deleted');
+        $this->comment("{$deleteCount} image(s) deleted");
+
         return 0;
     }
 
@@ -65,7 +66,7 @@ class CleanupImagesCommand extends Command
         }
 
         if (count($paths) > 0) {
-            $this->line('Images to delete:');
+            $this->line('Image(s) to delete:');
         }
 
         foreach ($paths as $path) {

app/Console/Commands/HandlesSingleUser.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace BookStack\Console\Commands;
+
+use BookStack\Users\Models\User;
+use Exception;
+use Illuminate\Console\Command;
+
+/**
+ * @mixin Command
+ */
+trait HandlesSingleUser
+{
+    /**
+     * Fetch a user provided to this command.
+     * Expects the command to accept 'id' and 'email' options.
+     * @throws Exception
+     */
+    private function fetchProvidedUser(): User
+    {
+        $id = $this->option('id');
+        $email = $this->option('email');
+        if (!$id && !$email) {
+            throw new Exception("Either a --id=<number> or --email=<email> option must be provided.\nRun this command with `--help` to show more options.");
+        }
+
+        $field = $id ? 'id' : 'email';
+        $value = $id ?: $email;
+
+        $user = User::query()
+            ->where($field, '=', $value)
+            ->first();
+
+        if (!$user) {
+            throw new Exception("A user where {$field}={$value} could not be found.");
+        }
+
+        return $user;
+    }
+}

app/Console/Commands/RefreshAvatarCommand.php

@@ -0,0 +1,116 @@
+<?php
+
+namespace BookStack\Console\Commands;
+
+use BookStack\Users\Models\User;
+use Exception;
+use Illuminate\Console\Command;
+use BookStack\Uploads\UserAvatars;
+
+class RefreshAvatarCommand extends Command
+{
+    use HandlesSingleUser;
+
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'bookstack:refresh-avatar
+                            {--id= : Numeric ID of the user to refresh avatar for}
+                            {--email= : Email address of the user to refresh avatar for}
+                            {--users-without-avatars : Refresh avatars for users that currently have no avatar}
+                            {--a|all : Refresh avatars for all users}
+                            {--f|force : Actually run the update, Defaults to a dry-run}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Refresh avatar for the given user(s)';
+
+    public function handle(UserAvatars $userAvatar): int
+    {
+        if (!$userAvatar->avatarFetchEnabled()) {
+            $this->error("Avatar fetching is disabled on this instance.");
+            return self::FAILURE;
+        }
+
+        if ($this->option('users-without-avatars')) {
+            return $this->processUsers(User::query()->whereDoesntHave('avatar')->get()->all(), $userAvatar);
+        }
+
+        if ($this->option('all')) {
+            return $this->processUsers(User::query()->get()->all(), $userAvatar);
+        }
+
+        try {
+            $user = $this->fetchProvidedUser();
+            return $this->processUsers([$user], $userAvatar);
+        } catch (Exception $exception) {
+            $this->error($exception->getMessage());
+            return self::FAILURE;
+        }
+    }
+
+    /**
+     * @param User[] $users
+     */
+    private function processUsers(array $users, UserAvatars $userAvatar): int
+    {
+        $dryRun = !$this->option('force');
+        $this->info(count($users) . " user(s) found to update avatars for.");
+
+        if (count($users) === 0) {
+            return self::SUCCESS;
+        }
+
+        if (!$dryRun) {
+            $fetchHost = parse_url($userAvatar->getAvatarUrl(), PHP_URL_HOST);
+            $this->warn("This will destroy any existing avatar images these users have, and attempt to fetch new avatar images from {$fetchHost}.");
+            $proceed = !$this->input->isInteractive() || $this->confirm('Are you sure you want to proceed?');
+            if (!$proceed) {
+                return self::SUCCESS;
+            }
+        }
+
+        $this->info("");
+
+        $exitCode = self::SUCCESS;
+        foreach ($users as $user) {
+            $linePrefix = "[ID: {$user->id}] $user->email -";
+
+            if ($dryRun) {
+                $this->warn("{$linePrefix} Not updated");
+                continue;
+            }
+
+            if ($this->fetchAvatar($userAvatar, $user)) {
+                $this->info("{$linePrefix} Updated");
+            } else {
+                $this->error("{$linePrefix} Not updated");
+                $exitCode = self::FAILURE;
+            }
+        }
+
+        if ($dryRun) {
+            $this->comment("");
+            $this->comment("Dry run, no avatars were updated.");
+            $this->comment('Run with -f or --force to perform the update.');
+        }
+
+        return $exitCode;
+    }
+
+    private function fetchAvatar(UserAvatars $userAvatar, User $user): bool
+    {
+        $oldId = $user->avatar->id ?? 0;
+
+        $userAvatar->fetchAndAssignToUser($user);
+
+        $user->refresh();
+        $newId = $user->avatar->id ?? $oldId;
+        return $oldId !== $newId;
+    }
+}

app/Console/Commands/RegenerateReferencesCommand.php

@@ -34,7 +34,7 @@ class RegenerateReferencesCommand extends Command
             DB::setDefaultConnection($this->option('database'));
         }
 
-        $references->updateForAllPages();
+        $references->updateForAll();
 
         DB::setDefaultConnection($connection);
 

app/Console/Commands/ResetMfaCommand.php

@@ -2,11 +2,13 @@
 
 namespace BookStack\Console\Commands;
 
-use BookStack\Users\Models\User;
+use Exception;
 use Illuminate\Console\Command;
 
 class ResetMfaCommand extends Command
 {
+    use HandlesSingleUser;
+
     /**
      * The name and signature of the console command.
      *
@@ -29,25 +31,10 @@ class ResetMfaCommand extends Command
      */
     public function handle(): int
     {
-        $id = $this->option('id');
-        $email = $this->option('email');
-        if (!$id && !$email) {
-            $this->error('Either a --id=<number> or --email=<email> option must be provided.');
-
-            return 1;
-        }
-
-        $field = $id ? 'id' : 'email';
-        $value = $id ?: $email;
-
-        /** @var User $user */
-        $user = User::query()
-            ->where($field, '=', $value)
-            ->first();
-
-        if (!$user) {
-            $this->error("A user where {$field}={$value} could not be found.");
-
+        try {
+            $user = $this->fetchProvidedUser();
+        } catch (Exception $exception) {
+            $this->error($exception->getMessage());
             return 1;
         }
 

app/Console/Commands/UpdateUrlCommand.php

@@ -46,6 +46,9 @@ class UpdateUrlCommand extends Command
         $columnsToUpdateByTable = [
             'attachments' => ['path'],
             'pages'       => ['html', 'text', 'markdown'],
+            'chapters'    => ['description_html'],
+            'books'       => ['description_html'],
+            'bookshelves' => ['description_html'],
             'images'      => ['url'],
             'settings'    => ['value'],
             'comments'    => ['html', 'text'],

app/Entities/BreadcrumbsViewComposer.php

@@ -8,29 +8,21 @@ use Illuminate\View\View;
 
 class BreadcrumbsViewComposer
 {
-    protected $entityContextManager;
-
-    /**
-     * BreadcrumbsViewComposer constructor.
-     *
-     * @param ShelfContext $entityContextManager
-     */
-    public function __construct(ShelfContext $entityContextManager)
-    {
-        $this->entityContextManager = $entityContextManager;
+    public function __construct(
+        protected ShelfContext $shelfContext
+    ) {
     }
 
     /**
      * Modify data when the view is composed.
-     *
-     * @param View $view
      */
-    public function compose(View $view)
+    public function compose(View $view): void
     {
         $crumbs = $view->getData()['crumbs'];
         $firstCrumb = $crumbs[0] ?? null;
+
         if ($firstCrumb instanceof Book) {
-            $shelf = $this->entityContextManager->getContextualShelfForBook($firstCrumb);
+            $shelf = $this->shelfContext->getContextualShelfForBook($firstCrumb);
             if ($shelf) {
                 array_unshift($crumbs, $shelf);
                 $view->with('crumbs', $crumbs);

app/Entities/Controllers/BookApiController.php

@@ -14,11 +14,9 @@ use Illuminate\Validation\ValidationException;
 
 class BookApiController extends ApiController
 {
-    protected BookRepo $bookRepo;
-
-    public function __construct(BookRepo $bookRepo)
-    {
-        $this->bookRepo = $bookRepo;
+    public function __construct(
+        protected BookRepo $bookRepo
+    ) {
     }
 
     /**
@@ -47,7 +45,7 @@ class BookApiController extends ApiController
 
         $book = $this->bookRepo->create($requestData);
 
-        return response()->json($book);
+        return response()->json($this->forJsonDisplay($book));
     }
 
     /**
@@ -58,7 +56,9 @@ class BookApiController extends ApiController
      */
     public function read(string $id)
     {
-        $book = Book::visible()->with(['tags', 'cover', 'createdBy', 'updatedBy', 'ownedBy'])->findOrFail($id);
+        $book = Book::visible()->findOrFail($id);
+        $book = $this->forJsonDisplay($book);
+        $book->load(['createdBy', 'updatedBy', 'ownedBy']);
 
         $contents = (new BookContents($book))->getTree(true, false)->all();
         $contentsApiData = (new ApiEntityListFormatter($contents))
@@ -89,7 +89,7 @@ class BookApiController extends ApiController
         $requestData = $this->validate($request, $this->rules()['update']);
         $book = $this->bookRepo->update($book, $requestData);
 
-        return response()->json($book);
+        return response()->json($this->forJsonDisplay($book));
     }
 
     /**
@@ -108,20 +108,36 @@ class BookApiController extends ApiController
         return response('', 204);
     }
 
+    protected function forJsonDisplay(Book $book): Book
+    {
+        $book = clone $book;
+        $book->unsetRelations()->refresh();
+
+        $book->load(['tags', 'cover']);
+        $book->makeVisible('description_html')
+            ->setAttribute('description_html', $book->descriptionHtml());
+
+        return $book;
+    }
+
     protected function rules(): array
     {
         return [
             'create' => [
-                'name'        => ['required', 'string', 'max:255'],
-                'description' => ['string', 'max:1000'],
-                'tags'        => ['array'],
-                'image'       => array_merge(['nullable'], $this->getImageValidationRules()),
+                'name'                => ['required', 'string', 'max:255'],
+                'description'         => ['string', 'max:1900'],
+                'description_html'    => ['string', 'max:2000'],
+                'tags'                => ['array'],
+                'image'               => array_merge(['nullable'], $this->getImageValidationRules()),
+                'default_template_id' => ['nullable', 'integer'],
             ],
             'update' => [
-                'name'        => ['string', 'min:1', 'max:255'],
-                'description' => ['string', 'max:1000'],
-                'tags'        => ['array'],
-                'image'       => array_merge(['nullable'], $this->getImageValidationRules()),
+                'name'                => ['string', 'min:1', 'max:255'],
+                'description'         => ['string', 'max:1900'],
+                'description_html'    => ['string', 'max:2000'],
+                'tags'                => ['array'],
+                'image'               => array_merge(['nullable'], $this->getImageValidationRules()),
+                'default_template_id' => ['nullable', 'integer'],
             ],
         ];
     }

app/Entities/Controllers/BookController.php

@@ -24,15 +24,11 @@ use Throwable;
 
 class BookController extends Controller
 {
-    protected BookRepo $bookRepo;
-    protected ShelfContext $shelfContext;
-    protected ReferenceFetcher $referenceFetcher;
-
-    public function __construct(ShelfContext $entityContextManager, BookRepo $bookRepo, ReferenceFetcher $referenceFetcher)
-    {
-        $this->bookRepo = $bookRepo;
-        $this->shelfContext = $entityContextManager;
-        $this->referenceFetcher = $referenceFetcher;
+    public function __construct(
+        protected ShelfContext $shelfContext,
+        protected BookRepo $bookRepo,
+        protected ReferenceFetcher $referenceFetcher
+    ) {
     }
 
     /**
@@ -96,10 +92,11 @@ class BookController extends Controller
     {
         $this->checkPermission('book-create-all');
         $validated = $this->validate($request, [
-            'name'        => ['required', 'string', 'max:255'],
-            'description' => ['string', 'max:1000'],
-            'image'       => array_merge(['nullable'], $this->getImageValidationRules()),
-            'tags'        => ['array'],
+            'name'                => ['required', 'string', 'max:255'],
+            'description_html'    => ['string', 'max:2000'],
+            'image'               => array_merge(['nullable'], $this->getImageValidationRules()),
+            'tags'                => ['array'],
+            'default_template_id' => ['nullable', 'integer'],
         ]);
 
         $bookshelf = null;
@@ -141,7 +138,7 @@ class BookController extends Controller
             'bookParentShelves' => $bookParentShelves,
             'watchOptions'      => new UserEntityWatchOptions(user(), $book),
             'activity'          => $activities->entityActivity($book, 20, 1),
-            'referenceCount'    => $this->referenceFetcher->getPageReferenceCountToEntity($book),
+            'referenceCount'    => $this->referenceFetcher->getReferenceCountToEntity($book),
         ]);
     }
 
@@ -170,10 +167,11 @@ class BookController extends Controller
         $this->checkOwnablePermission('book-update', $book);
 
         $validated = $this->validate($request, [
-            'name'        => ['required', 'string', 'max:255'],
-            'description' => ['string', 'max:1000'],
-            'image'       => array_merge(['nullable'], $this->getImageValidationRules()),
-            'tags'        => ['array'],
+            'name'                => ['required', 'string', 'max:255'],
+            'description_html'    => ['string', 'max:2000'],
+            'image'               => array_merge(['nullable'], $this->getImageValidationRules()),
+            'tags'                => ['array'],
+            'default_template_id' => ['nullable', 'integer'],
         ]);
 
         if ($request->has('image_reset')) {

app/Entities/Controllers/BookshelfApiController.php

@@ -12,11 +12,9 @@ use Illuminate\Validation\ValidationException;
 
 class BookshelfApiController extends ApiController
 {
-    protected BookshelfRepo $bookshelfRepo;
-
-    public function __construct(BookshelfRepo $bookshelfRepo)
-    {
-        $this->bookshelfRepo = $bookshelfRepo;
+    public function __construct(
+        protected BookshelfRepo $bookshelfRepo
+    ) {
     }
 
     /**
@@ -48,7 +46,7 @@ class BookshelfApiController extends ApiController
         $bookIds = $request->get('books', []);
         $shelf = $this->bookshelfRepo->create($requestData, $bookIds);
 
-        return response()->json($shelf);
+        return response()->json($this->forJsonDisplay($shelf));
     }
 
     /**
@@ -56,12 +54,14 @@ class BookshelfApiController extends ApiController
      */
     public function read(string $id)
     {
-        $shelf = Bookshelf::visible()->with([
-            'tags', 'cover', 'createdBy', 'updatedBy', 'ownedBy',
+        $shelf = Bookshelf::visible()->findOrFail($id);
+        $shelf = $this->forJsonDisplay($shelf);
+        $shelf->load([
+            'createdBy', 'updatedBy', 'ownedBy',
             'books' => function (BelongsToMany $query) {
                 $query->scopes('visible')->get(['id', 'name', 'slug']);
             },
-        ])->findOrFail($id);
+        ]);
 
         return response()->json($shelf);
     }
@@ -86,7 +86,7 @@ class BookshelfApiController extends ApiController
 
         $shelf = $this->bookshelfRepo->update($shelf, $requestData, $bookIds);
 
-        return response()->json($shelf);
+        return response()->json($this->forJsonDisplay($shelf));
     }
 
     /**
@@ -105,22 +105,36 @@ class BookshelfApiController extends ApiController
         return response('', 204);
     }
 
+    protected function forJsonDisplay(Bookshelf $shelf): Bookshelf
+    {
+        $shelf = clone $shelf;
+        $shelf->unsetRelations()->refresh();
+
+        $shelf->load(['tags', 'cover']);
+        $shelf->makeVisible('description_html')
+            ->setAttribute('description_html', $shelf->descriptionHtml());
+
+        return $shelf;
+    }
+
     protected function rules(): array
     {
         return [
             'create' => [
-                'name'        => ['required', 'string', 'max:255'],
-                'description' => ['string', 'max:1000'],
-                'books'       => ['array'],
-                'tags'        => ['array'],
-                'image'       => array_merge(['nullable'], $this->getImageValidationRules()),
+                'name'             => ['required', 'string', 'max:255'],
+                'description'      => ['string', 'max:1900'],
+                'description_html' => ['string', 'max:2000'],
+                'books'            => ['array'],
+                'tags'             => ['array'],
+                'image'            => array_merge(['nullable'], $this->getImageValidationRules()),
             ],
             'update' => [
-                'name'        => ['string', 'min:1', 'max:255'],
-                'description' => ['string', 'max:1000'],
-                'books'       => ['array'],
-                'tags'        => ['array'],
-                'image'       => array_merge(['nullable'], $this->getImageValidationRules()),
+                'name'             => ['string', 'min:1', 'max:255'],
+                'description'      => ['string', 'max:1900'],
+                'description_html' => ['string', 'max:2000'],
+                'books'            => ['array'],
+                'tags'             => ['array'],
+                'image'            => array_merge(['nullable'], $this->getImageValidationRules()),
             ],
         ];
     }

app/Entities/Controllers/BookshelfController.php

@@ -18,15 +18,11 @@ use Illuminate\Validation\ValidationException;
 
 class BookshelfController extends Controller
 {
-    protected BookshelfRepo $shelfRepo;
-    protected ShelfContext $shelfContext;
-    protected ReferenceFetcher $referenceFetcher;
-
-    public function __construct(BookshelfRepo $shelfRepo, ShelfContext $shelfContext, ReferenceFetcher $referenceFetcher)
-    {
-        $this->shelfRepo = $shelfRepo;
-        $this->shelfContext = $shelfContext;
-        $this->referenceFetcher = $referenceFetcher;
+    public function __construct(
+        protected BookshelfRepo $shelfRepo,
+        protected ShelfContext $shelfContext,
+        protected ReferenceFetcher $referenceFetcher
+    ) {
     }
 
     /**
@@ -81,10 +77,10 @@ class BookshelfController extends Controller
     {
         $this->checkPermission('bookshelf-create-all');
         $validated = $this->validate($request, [
-            'name'        => ['required', 'string', 'max:255'],
-            'description' => ['string', 'max:1000'],
-            'image'       => array_merge(['nullable'], $this->getImageValidationRules()),
-            'tags'        => ['array'],
+            'name'             => ['required', 'string', 'max:255'],
+            'description_html' => ['string', 'max:2000'],
+            'image'            => array_merge(['nullable'], $this->getImageValidationRules()),
+            'tags'             => ['array'],
         ]);
 
         $bookIds = explode(',', $request->get('books', ''));
@@ -129,7 +125,7 @@ class BookshelfController extends Controller
             'view'                    => $view,
             'activity'                => $activities->entityActivity($shelf, 20, 1),
             'listOptions'             => $listOptions,
-            'referenceCount'          => $this->referenceFetcher->getPageReferenceCountToEntity($shelf),
+            'referenceCount'          => $this->referenceFetcher->getReferenceCountToEntity($shelf),
         ]);
     }
 
@@ -164,10 +160,10 @@ class BookshelfController extends Controller
         $shelf = $this->shelfRepo->getBySlug($slug);
         $this->checkOwnablePermission('bookshelf-update', $shelf);
         $validated = $this->validate($request, [
-            'name'        => ['required', 'string', 'max:255'],
-            'description' => ['string', 'max:1000'],
-            'image'       => array_merge(['nullable'], $this->getImageValidationRules()),
-            'tags'        => ['array'],
+            'name'             => ['required', 'string', 'max:255'],
+            'description_html' => ['string', 'max:2000'],
+            'image'            => array_merge(['nullable'], $this->getImageValidationRules()),
+            'tags'             => ['array'],
         ]);
 
         if ($request->has('image_reset')) {

app/Entities/Controllers/ChapterApiController.php

@@ -15,18 +15,20 @@ class ChapterApiController extends ApiController
 {
     protected $rules = [
         'create' => [
-            'book_id'     => ['required', 'integer'],
-            'name'        => ['required', 'string', 'max:255'],
-            'description' => ['string', 'max:1000'],
-            'tags'        => ['array'],
-            'priority'    => ['integer'],
+            'book_id'          => ['required', 'integer'],
+            'name'             => ['required', 'string', 'max:255'],
+            'description'      => ['string', 'max:1900'],
+            'description_html' => ['string', 'max:2000'],
+            'tags'             => ['array'],
+            'priority'         => ['integer'],
         ],
         'update' => [
-            'book_id'     => ['integer'],
-            'name'        => ['string', 'min:1', 'max:255'],
-            'description' => ['string', 'max:1000'],
-            'tags'        => ['array'],
-            'priority'    => ['integer'],
+            'book_id'          => ['integer'],
+            'name'             => ['string', 'min:1', 'max:255'],
+            'description'      => ['string', 'max:1900'],
+            'description_html' => ['string', 'max:2000'],
+            'tags'             => ['array'],
+            'priority'         => ['integer'],
         ],
     ];
 
@@ -61,7 +63,7 @@ class ChapterApiController extends ApiController
 
         $chapter = $this->chapterRepo->create($requestData, $book);
 
-        return response()->json($chapter->load(['tags']));
+        return response()->json($this->forJsonDisplay($chapter));
     }
 
     /**
@@ -69,9 +71,15 @@ class ChapterApiController extends ApiController
      */
     public function read(string $id)
     {
-        $chapter = Chapter::visible()->with(['tags', 'createdBy', 'updatedBy', 'ownedBy', 'pages' => function (HasMany $query) {
-            $query->scopes('visible')->get(['id', 'name', 'slug']);
-        }])->findOrFail($id);
+        $chapter = Chapter::visible()->findOrFail($id);
+        $chapter = $this->forJsonDisplay($chapter);
+
+        $chapter->load([
+            'createdBy', 'updatedBy', 'ownedBy',
+            'pages' => function (HasMany $query) {
+                $query->scopes('visible')->get(['id', 'name', 'slug']);
+            }
+        ]);
 
         return response()->json($chapter);
     }
@@ -93,7 +101,7 @@ class ChapterApiController extends ApiController
             try {
                 $this->chapterRepo->move($chapter, "book:{$requestData['book_id']}");
             } catch (Exception $exception) {
-                if ($exception instanceof  PermissionsException) {
+                if ($exception instanceof PermissionsException) {
                     $this->showPermissionError();
                 }
 
@@ -103,7 +111,7 @@ class ChapterApiController extends ApiController
 
         $updatedChapter = $this->chapterRepo->update($chapter, $requestData);
 
-        return response()->json($updatedChapter->load(['tags']));
+        return response()->json($this->forJsonDisplay($updatedChapter));
     }
 
     /**
@@ -119,4 +127,16 @@ class ChapterApiController extends ApiController
 
         return response('', 204);
     }
+
+    protected function forJsonDisplay(Chapter $chapter): Chapter
+    {
+        $chapter = clone $chapter;
+        $chapter->unsetRelations()->refresh();
+
+        $chapter->load(['tags']);
+        $chapter->makeVisible('description_html')
+            ->setAttribute('description_html', $chapter->descriptionHtml());
+
+        return $chapter;
+    }
 }

app/Entities/Controllers/ChapterController.php

@@ -12,6 +12,7 @@ use BookStack\Entities\Tools\HierarchyTransformer;
 use BookStack\Entities\Tools\NextPreviousContentLocator;
 use BookStack\Exceptions\MoveOperationException;
 use BookStack\Exceptions\NotFoundException;
+use BookStack\Exceptions\NotifyException;
 use BookStack\Exceptions\PermissionsException;
 use BookStack\Http\Controller;
 use BookStack\References\ReferenceFetcher;
@@ -21,13 +22,10 @@ use Throwable;
 
 class ChapterController extends Controller
 {
-    protected ChapterRepo $chapterRepo;
-    protected ReferenceFetcher $referenceFetcher;
-
-    public function __construct(ChapterRepo $chapterRepo, ReferenceFetcher $referenceFetcher)
-    {
-        $this->chapterRepo = $chapterRepo;
-        $this->referenceFetcher = $referenceFetcher;
+    public function __construct(
+        protected ChapterRepo $chapterRepo,
+        protected ReferenceFetcher $referenceFetcher
+    ) {
     }
 
     /**
@@ -50,14 +48,16 @@ class ChapterController extends Controller
      */
     public function store(Request $request, string $bookSlug)
     {
-        $this->validate($request, [
-            'name' => ['required', 'string', 'max:255'],
+        $validated = $this->validate($request, [
+            'name'             => ['required', 'string', 'max:255'],
+            'description_html' => ['string', 'max:2000'],
+            'tags'             => ['array'],
         ]);
 
         $book = Book::visible()->where('slug', '=', $bookSlug)->firstOrFail();
         $this->checkOwnablePermission('chapter-create', $book);
 
-        $chapter = $this->chapterRepo->create($request->all(), $book);
+        $chapter = $this->chapterRepo->create($validated, $book);
 
         return redirect($chapter->getUrl());
     }
@@ -86,7 +86,7 @@ class ChapterController extends Controller
             'pages'          => $pages,
             'next'           => $nextPreviousLocator->getNext(),
             'previous'       => $nextPreviousLocator->getPrevious(),
-            'referenceCount' => $this->referenceFetcher->getPageReferenceCountToEntity($chapter),
+            'referenceCount' => $this->referenceFetcher->getReferenceCountToEntity($chapter),
         ]);
     }
 
@@ -110,10 +110,16 @@ class ChapterController extends Controller
      */
     public function update(Request $request, string $bookSlug, string $chapterSlug)
     {
+        $validated = $this->validate($request, [
+            'name'             => ['required', 'string', 'max:255'],
+            'description_html' => ['string', 'max:2000'],
+            'tags'             => ['array'],
+        ]);
+
         $chapter = $this->chapterRepo->getBySlug($bookSlug, $chapterSlug);
         $this->checkOwnablePermission('chapter-update', $chapter);
 
-        $this->chapterRepo->update($chapter, $request->all());
+        $this->chapterRepo->update($chapter, $validated);
 
         return redirect($chapter->getUrl());
     }
@@ -170,7 +176,7 @@ class ChapterController extends Controller
     /**
      * Perform the move action for a chapter.
      *
-     * @throws NotFoundException
+     * @throws NotFoundException|NotifyException
      */
     public function move(Request $request, string $bookSlug, string $chapterSlug)
     {
@@ -184,13 +190,13 @@ class ChapterController extends Controller
         }
 
         try {
-            $newBook = $this->chapterRepo->move($chapter, $entitySelection);
+            $this->chapterRepo->move($chapter, $entitySelection);
         } catch (PermissionsException $exception) {
             $this->showPermissionError();
         } catch (MoveOperationException $exception) {
             $this->showErrorNotification(trans('errors.selected_book_not_found'));
 
-            return redirect()->back();
+            return redirect($chapter->getUrl('/move'));
         }
 
         return redirect($chapter->getUrl());
@@ -231,7 +237,7 @@ class ChapterController extends Controller
         if (is_null($newParentBook)) {
             $this->showErrorNotification(trans('errors.selected_book_not_found'));
 
-            return redirect()->back();
+            return redirect($chapter->getUrl('/copy'));
         }
 
         $this->checkOwnablePermission('chapter-create', $newParentBook);

app/Entities/Controllers/PageController.php

@@ -5,6 +5,7 @@ namespace BookStack\Entities\Controllers;
 use BookStack\Activity\Models\View;
 use BookStack\Activity\Tools\CommentTree;
 use BookStack\Activity\Tools\UserEntityWatchOptions;
+use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Page;
 use BookStack\Entities\Repos\PageRepo;
 use BookStack\Entities\Tools\BookContents;
@@ -71,7 +72,6 @@ class PageController extends Controller
         $page = $this->pageRepo->getNewDraftPage($parent);
         $this->pageRepo->publishDraft($page, [
             'name' => $request->get('name'),
-            'html' => '',
         ]);
 
         return redirect($page->getUrl('/edit'));
@@ -155,7 +155,7 @@ class PageController extends Controller
             'watchOptions'    => new UserEntityWatchOptions(user(), $page),
             'next'            => $nextPreviousLocator->getNext(),
             'previous'        => $nextPreviousLocator->getPrevious(),
-            'referenceCount'  => $this->referenceFetcher->getPageReferenceCountToEntity($page),
+            'referenceCount'  => $this->referenceFetcher->getReferenceCountToEntity($page),
         ]);
     }
 
@@ -259,11 +259,13 @@ class PageController extends Controller
         $page = $this->pageRepo->getBySlug($bookSlug, $pageSlug);
         $this->checkOwnablePermission('page-delete', $page);
         $this->setPageTitle(trans('entities.pages_delete_named', ['pageName' => $page->getShortName()]));
+        $usedAsTemplate = Book::query()->where('default_template_id', '=', $page->id)->count() > 0;
 
         return view('pages.delete', [
             'book'    => $page->book,
             'page'    => $page,
             'current' => $page,
+            'usedAsTemplate' => $usedAsTemplate,
         ]);
     }
 
@@ -277,11 +279,13 @@ class PageController extends Controller
         $page = $this->pageRepo->getById($pageId);
         $this->checkOwnablePermission('page-update', $page);
         $this->setPageTitle(trans('entities.pages_delete_draft_named', ['pageName' => $page->getShortName()]));
+        $usedAsTemplate = Book::query()->where('default_template_id', '=', $page->id)->count() > 0;
 
         return view('pages.delete', [
             'book'    => $page->book,
             'page'    => $page,
             'current' => $page,
+            'usedAsTemplate' => $usedAsTemplate,
         ]);
     }
 
@@ -391,7 +395,7 @@ class PageController extends Controller
         } catch (Exception $exception) {
             $this->showErrorNotification(trans('errors.selected_book_chapter_not_found'));
 
-            return redirect()->back();
+            return redirect($page->getUrl('/move'));
         }
 
         return redirect($page->getUrl());
@@ -431,7 +435,7 @@ class PageController extends Controller
         if (is_null($newParent)) {
             $this->showErrorNotification(trans('errors.selected_book_chapter_not_found'));
 
-            return redirect()->back();
+            return redirect($page->getUrl('/copy'));
         }
 
         $this->checkOwnablePermission('page-create', $newParent);

app/Entities/EntityProvider.php

@@ -37,7 +37,7 @@ class EntityProvider
      * Fetch all core entity types as an associated array
      * with their basic names as the keys.
      *
-     * @return array<Entity>
+     * @return array<string, Entity>
      */
     public function all(): array
     {

app/Entities/Models/Book.php

@@ -15,20 +15,23 @@ use Illuminate\Support\Collection;
  *
  * @property string                                   $description
  * @property int                                      $image_id
+ * @property ?int                                     $default_template_id
  * @property Image|null                               $cover
  * @property \Illuminate\Database\Eloquent\Collection $chapters
  * @property \Illuminate\Database\Eloquent\Collection $pages
  * @property \Illuminate\Database\Eloquent\Collection $directPages
  * @property \Illuminate\Database\Eloquent\Collection $shelves
+ * @property ?Page                                    $defaultTemplate
  */
 class Book extends Entity implements HasCoverImage
 {
     use HasFactory;
+    use HasHtmlDescription;
 
-    public $searchFactor = 1.2;
+    public float $searchFactor = 1.2;
 
-    protected $fillable = ['name', 'description'];
-    protected $hidden = ['pivot', 'image_id', 'deleted_at'];
+    protected $fillable = ['name'];
+    protected $hidden = ['pivot', 'image_id', 'deleted_at', 'description_html'];
 
     /**
      * Get the url for this book.
@@ -40,26 +43,19 @@ class Book extends Entity implements HasCoverImage
 
     /**
      * Returns book cover image, if book cover not exists return default cover image.
-     *
-     * @param int $width  - Width of the image
-     * @param int $height - Height of the image
-     *
-     * @return string
      */
-    public function getBookCover($width = 440, $height = 250)
+    public function getBookCover(int $width = 440, int $height = 250): string
     {
         $default = 'data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==';
-        if (!$this->image_id) {
+        if (!$this->image_id || !$this->cover) {
             return $default;
         }
 
         try {
-            $cover = $this->cover ? url($this->cover->getThumb($width, $height, false)) : $default;
+            return $this->cover->getThumb($width, $height, false) ?? $default;
         } catch (Exception $err) {
-            $cover = $default;
+            return $default;
         }
-
-        return $cover;
     }
 
     /**
@@ -78,6 +74,14 @@ class Book extends Entity implements HasCoverImage
         return 'cover_book';
     }
 
+    /**
+     * Get the Page that is used as default template for newly created pages within this Book.
+     */
+    public function defaultTemplate(): BelongsTo
+    {
+        return $this->belongsTo(Page::class, 'default_template_id');
+    }
+
     /**
      * Get all pages within this book.
      */

app/Entities/Models/BookChild.php

@@ -65,7 +65,7 @@ abstract class BookChild extends Entity
         $this->refresh();
 
         if ($oldUrl !== $this->getUrl()) {
-            app()->make(ReferenceUpdater::class)->updateEntityPageReferences($this, $oldUrl);
+            app()->make(ReferenceUpdater::class)->updateEntityReferences($this, $oldUrl);
         }
 
         // Update all child pages if a chapter

app/Entities/Models/Bookshelf.php

@@ -3,6 +3,7 @@
 namespace BookStack\Entities\Models;
 
 use BookStack\Uploads\Image;
+use Exception;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\BelongsToMany;
@@ -10,14 +11,15 @@ use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 class Bookshelf extends Entity implements HasCoverImage
 {
     use HasFactory;
+    use HasHtmlDescription;
 
     protected $table = 'bookshelves';
 
-    public $searchFactor = 1.2;
+    public float $searchFactor = 1.2;
 
     protected $fillable = ['name', 'description', 'image_id'];
 
-    protected $hidden = ['image_id', 'deleted_at'];
+    protected $hidden = ['image_id', 'deleted_at', 'description_html'];
 
     /**
      * Get the books in this shelf.
@@ -49,28 +51,21 @@ class Bookshelf extends Entity implements HasCoverImage
     }
 
     /**
-     * Returns BookShelf cover image, if cover does not exists return default cover image.
-     *
-     * @param int $width  - Width of the image
-     * @param int $height - Height of the image
-     *
-     * @return string
+     * Returns shelf cover image, if cover not exists return default cover image.
      */
-    public function getBookCover($width = 440, $height = 250)
+    public function getBookCover(int $width = 440, int $height = 250): string
     {
         // TODO - Make generic, focused on books right now, Perhaps set-up a better image
         $default = 'data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==';
-        if (!$this->image_id) {
+        if (!$this->image_id || !$this->cover) {
             return $default;
         }
 
         try {
-            $cover = $this->cover ? url($this->cover->getThumb($width, $height, false)) : $default;
-        } catch (\Exception $err) {
-            $cover = $default;
+            return $this->cover->getThumb($width, $height, false) ?? $default;
+        } catch (Exception $err) {
+            return $default;
         }
-
-        return $cover;
     }
 
     /**

app/Entities/Models/Chapter.php

@@ -15,11 +15,12 @@ use Illuminate\Support\Collection;
 class Chapter extends BookChild
 {
     use HasFactory;
+    use HasHtmlDescription;
 
-    public $searchFactor = 1.2;
+    public float $searchFactor = 1.2;
 
     protected $fillable = ['name', 'description', 'priority'];
-    protected $hidden = ['pivot', 'deleted_at'];
+    protected $hidden = ['pivot', 'deleted_at', 'description_html'];
 
     /**
      * Get the pages that this chapter contains.

app/Entities/Models/Entity.php

@@ -10,6 +10,7 @@ use BookStack\Activity\Models\Loggable;
 use BookStack\Activity\Models\Tag;
 use BookStack\Activity\Models\View;
 use BookStack\Activity\Models\Viewable;
+use BookStack\Activity\Models\Watch;
 use BookStack\App\Model;
 use BookStack\App\Sluggable;
 use BookStack\Entities\Tools\SlugGenerator;
@@ -56,12 +57,17 @@ abstract class Entity extends Model implements Sluggable, Favouritable, Viewable
     /**
      * @var string - Name of property where the main text content is found
      */
-    public $textField = 'description';
+    public string $textField = 'description';
+
+    /**
+     * @var string - Name of the property where the main HTML content is found
+     */
+    public string $htmlField = 'description_html';
 
     /**
      * @var float - Multiplier for search indexing.
      */
-    public $searchFactor = 1.0;
+    public float $searchFactor = 1.0;
 
     /**
      * Get the entities that are visible to the current user.
@@ -330,6 +336,14 @@ abstract class Entity extends Model implements Sluggable, Favouritable, Viewable
             ->exists();
     }
 
+    /**
+     * Get the related watches for this entity.
+     */
+    public function watches(): MorphMany
+    {
+        return $this->morphMany(Watch::class, 'watchable');
+    }
+
     /**
      * {@inheritdoc}
      */

app/Entities/Models/HasHtmlDescription.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace BookStack\Entities\Models;
+
+use BookStack\Util\HtmlContentFilter;
+
+/**
+ * @property string $description
+ * @property string $description_html
+ */
+trait HasHtmlDescription
+{
+    /**
+     * Get the HTML description for this book.
+     */
+    public function descriptionHtml(): string
+    {
+        $html = $this->description_html ?: '<p>' . nl2br(e($this->description)) . '</p>';
+        return HtmlContentFilter::removeScriptsFromHtmlString($html);
+    }
+}

app/Entities/Models/Page.php

@@ -37,7 +37,8 @@ class Page extends BookChild
 
     protected $fillable = ['name', 'priority'];
 
-    public $textField = 'text';
+    public string $textField = 'text';
+    public string $htmlField = 'html';
 
     protected $hidden = ['html', 'markdown', 'text', 'pivot', 'deleted_at'];
 

app/Entities/Queries/RecentlyViewed.php

@@ -10,7 +10,7 @@ class RecentlyViewed extends EntityQuery
     public function run(int $count, int $page): Collection
     {
         $user = user();
-        if ($user === null || $user->isDefault()) {
+        if ($user === null || $user->isGuest()) {
             return collect();
         }
 

app/Entities/Queries/TopFavourites.php

@@ -10,7 +10,7 @@ class TopFavourites extends EntityQuery
     public function run(int $count, int $skip = 0)
     {
         $user = user();
-        if ($user->isDefault()) {
+        if ($user->isGuest()) {
             return collect();
         }
 

app/Entities/Repos/BaseRepo.php

@@ -5,22 +5,22 @@ namespace BookStack\Entities\Repos;
 use BookStack\Activity\TagRepo;
 use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Models\HasCoverImage;
+use BookStack\Entities\Models\HasHtmlDescription;
 use BookStack\Exceptions\ImageUploadException;
+use BookStack\References\ReferenceStore;
 use BookStack\References\ReferenceUpdater;
 use BookStack\Uploads\ImageRepo;
+use BookStack\Util\HtmlDescriptionFilter;
 use Illuminate\Http\UploadedFile;
 
 class BaseRepo
 {
-    protected TagRepo $tagRepo;
-    protected ImageRepo $imageRepo;
-    protected ReferenceUpdater $referenceUpdater;
-
-    public function __construct(TagRepo $tagRepo, ImageRepo $imageRepo, ReferenceUpdater $referenceUpdater)
-    {
-        $this->tagRepo = $tagRepo;
-        $this->imageRepo = $imageRepo;
-        $this->referenceUpdater = $referenceUpdater;
+    public function __construct(
+        protected TagRepo $tagRepo,
+        protected ImageRepo $imageRepo,
+        protected ReferenceUpdater $referenceUpdater,
+        protected ReferenceStore $referenceStore,
+    ) {
     }
 
     /**
@@ -29,6 +29,7 @@ class BaseRepo
     public function create(Entity $entity, array $input)
     {
         $entity->fill($input);
+        $this->updateDescription($entity, $input);
         $entity->forceFill([
             'created_by' => user()->id,
             'updated_by' => user()->id,
@@ -44,6 +45,7 @@ class BaseRepo
         $entity->refresh();
         $entity->rebuildPermissions();
         $entity->indexForSearch();
+        $this->referenceStore->updateForEntity($entity);
     }
 
     /**
@@ -54,6 +56,7 @@ class BaseRepo
         $oldUrl = $entity->getUrl();
 
         $entity->fill($input);
+        $this->updateDescription($entity, $input);
         $entity->updated_by = user()->id;
 
         if ($entity->isDirty('name') || empty($entity->slug)) {
@@ -69,9 +72,10 @@ class BaseRepo
 
         $entity->rebuildPermissions();
         $entity->indexForSearch();
+        $this->referenceStore->updateForEntity($entity);
 
         if ($oldUrl !== $entity->getUrl()) {
-            $this->referenceUpdater->updateEntityPageReferences($entity, $oldUrl);
+            $this->referenceUpdater->updateEntityReferences($entity, $oldUrl);
         }
     }
 
@@ -99,4 +103,21 @@ class BaseRepo
             $entity->save();
         }
     }
+
+    protected function updateDescription(Entity $entity, array $input): void
+    {
+        if (!in_array(HasHtmlDescription::class, class_uses($entity))) {
+            return;
+        }
+
+        /** @var HasHtmlDescription $entity */
+        if (isset($input['description_html'])) {
+            $entity->description_html = HtmlDescriptionFilter::filterFromString($input['description_html']);
+            $entity->description = html_entity_decode(strip_tags($input['description_html']));
+        } else if (isset($input['description'])) {
+            $entity->description = $input['description'];
+            $entity->description_html = '';
+            $entity->description_html = $entity->descriptionHtml();
+        }
+    }
 }

app/Entities/Repos/BookRepo.php

@@ -5,6 +5,7 @@ namespace BookStack\Entities\Repos;
 use BookStack\Activity\ActivityType;
 use BookStack\Activity\TagRepo;
 use BookStack\Entities\Models\Book;
+use BookStack\Entities\Models\Page;
 use BookStack\Entities\Tools\TrashCan;
 use BookStack\Exceptions\ImageUploadException;
 use BookStack\Exceptions\NotFoundException;
@@ -17,18 +18,11 @@ use Illuminate\Support\Collection;
 
 class BookRepo
 {
-    protected $baseRepo;
-    protected $tagRepo;
-    protected $imageRepo;
-
-    /**
-     * BookRepo constructor.
-     */
-    public function __construct(BaseRepo $baseRepo, TagRepo $tagRepo, ImageRepo $imageRepo)
-    {
-        $this->baseRepo = $baseRepo;
-        $this->tagRepo = $tagRepo;
-        $this->imageRepo = $imageRepo;
+    public function __construct(
+        protected BaseRepo $baseRepo,
+        protected TagRepo $tagRepo,
+        protected ImageRepo $imageRepo
+    ) {
     }
 
     /**
@@ -92,6 +86,7 @@ class BookRepo
         $book = new Book();
         $this->baseRepo->create($book, $input);
         $this->baseRepo->updateCoverImage($book, $input['image'] ?? null);
+        $this->updateBookDefaultTemplate($book, intval($input['default_template_id'] ?? null));
         Activity::add(ActivityType::BOOK_CREATE, $book);
 
         return $book;
@@ -104,6 +99,10 @@ class BookRepo
     {
         $this->baseRepo->update($book, $input);
 
+        if (array_key_exists('default_template_id', $input)) {
+            $this->updateBookDefaultTemplate($book, intval($input['default_template_id']));
+        }
+
         if (array_key_exists('image', $input)) {
             $this->baseRepo->updateCoverImage($book, $input['image'], $input['image'] === null);
         }
@@ -113,6 +112,33 @@ class BookRepo
         return $book;
     }
 
+    /**
+     * Update the default page template used for this book.
+     * Checks that, if changing, the provided value is a valid template and the user
+     * has visibility of the provided page template id.
+     */
+    protected function updateBookDefaultTemplate(Book $book, int $templateId): void
+    {
+        $changing = $templateId !== intval($book->default_template_id);
+        if (!$changing) {
+            return;
+        }
+
+        if ($templateId === 0) {
+            $book->default_template_id = null;
+            $book->save();
+            return;
+        }
+
+        $templateExists = Page::query()->visible()
+            ->where('template', '=', true)
+            ->where('id', '=', $templateId)
+            ->exists();
+
+        $book->default_template_id = $templateExists ? $templateId : null;
+        $book->save();
+    }
+
     /**
      * Update the given book's cover image, or clear it.
      *

app/Entities/Repos/PageRepo.php

@@ -136,6 +136,14 @@ class PageRepo
             $page->book_id = $parent->id;
         }
 
+        $defaultTemplate = $page->book->defaultTemplate;
+        if ($defaultTemplate && userCan('view', $defaultTemplate)) {
+            $page->forceFill([
+                'html'  => $defaultTemplate->html,
+                'markdown' => $defaultTemplate->markdown,
+            ]);
+        }
+
         $page->save();
         $page->refresh()->rebuildPermissions();
 
@@ -154,7 +162,6 @@ class PageRepo
         $this->baseRepo->update($draft, $input);
 
         $this->revisionRepo->storeNewForPage($draft, trans('entities.pages_initial_revision'));
-        $this->referenceStore->updateForPage($draft);
         $draft->refresh();
 
         Activity::add(ActivityType::PAGE_CREATE, $draft);
@@ -174,7 +181,6 @@ class PageRepo
 
         $this->updateTemplateStatusAndContentFromInput($page, $input);
         $this->baseRepo->update($page, $input);
-        $this->referenceStore->updateForPage($page);
 
         // Update with new details
         $page->revision_count++;
@@ -211,13 +217,13 @@ class PageRepo
         $inputEmpty = empty($input['markdown']) && empty($input['html']);
 
         if ($haveInput && $inputEmpty) {
-            $pageContent->setNewHTML('');
+            $pageContent->setNewHTML('', user());
         } elseif (!empty($input['markdown']) && is_string($input['markdown'])) {
             $newEditor = 'markdown';
-            $pageContent->setNewMarkdown($input['markdown']);
+            $pageContent->setNewMarkdown($input['markdown'], user());
         } elseif (isset($input['html'])) {
             $newEditor = 'wysiwyg';
-            $pageContent->setNewHTML($input['html']);
+            $pageContent->setNewHTML($input['html'], user());
         }
 
         if ($newEditor !== $currentEditor && userCan('editor-change')) {
@@ -284,22 +290,22 @@ class PageRepo
         $content = new PageContent($page);
 
         if (!empty($revision->markdown)) {
-            $content->setNewMarkdown($revision->markdown);
+            $content->setNewMarkdown($revision->markdown, user());
         } else {
-            $content->setNewHTML($revision->html);
+            $content->setNewHTML($revision->html, user());
         }
 
         $page->updated_by = user()->id;
         $page->refreshSlug();
         $page->save();
         $page->indexForSearch();
-        $this->referenceStore->updateForPage($page);
+        $this->referenceStore->updateForEntity($page);
 
         $summary = trans('entities.pages_revision_restored_from', ['id' => strval($revisionId), 'summary' => $revision->summary]);
         $this->revisionRepo->storeNewForPage($page, $summary);
 
         if ($oldUrl !== $page->getUrl()) {
-            $this->referenceUpdater->updateEntityPageReferences($page, $oldUrl);
+            $this->referenceUpdater->updateEntityReferences($page, $oldUrl);
         }
 
         Activity::add(ActivityType::PAGE_RESTORE, $page);

app/Entities/Tools/ExportFormatter.php

@@ -8,26 +8,18 @@ use BookStack\Entities\Models\Page;
 use BookStack\Entities\Tools\Markdown\HtmlToMarkdown;
 use BookStack\Uploads\ImageService;
 use BookStack\Util\CspService;
-use DOMDocument;
+use BookStack\Util\HtmlDocument;
 use DOMElement;
-use DOMXPath;
 use Exception;
 use Throwable;
 
 class ExportFormatter
 {
-    protected ImageService $imageService;
-    protected PdfGenerator $pdfGenerator;
-    protected CspService $cspService;
-
-    /**
-     * ExportService constructor.
-     */
-    public function __construct(ImageService $imageService, PdfGenerator $pdfGenerator, CspService $cspService)
-    {
-        $this->imageService = $imageService;
-        $this->pdfGenerator = $pdfGenerator;
-        $this->cspService = $cspService;
+    public function __construct(
+        protected ImageService $imageService,
+        protected PdfGenerator $pdfGenerator,
+        protected CspService $cspService
+    ) {
     }
 
     /**
@@ -36,13 +28,14 @@ class ExportFormatter
      *
      * @throws Throwable
      */
-    public function pageToContainedHtml(Page $page)
+    public function pageToContainedHtml(Page $page): string
     {
         $page->html = (new PageContent($page))->render();
         $pageHtml = view('exports.page', [
             'page'       => $page,
             'format'     => 'html',
             'cspContent' => $this->cspService->getCspMetaTagValue(),
+            'locale'     => user()->getLocale(),
         ])->render();
 
         return $this->containHtml($pageHtml);
@@ -53,7 +46,7 @@ class ExportFormatter
      *
      * @throws Throwable
      */
-    public function chapterToContainedHtml(Chapter $chapter)
+    public function chapterToContainedHtml(Chapter $chapter): string
     {
         $pages = $chapter->getVisiblePages();
         $pages->each(function ($page) {
@@ -64,6 +57,7 @@ class ExportFormatter
             'pages'      => $pages,
             'format'     => 'html',
             'cspContent' => $this->cspService->getCspMetaTagValue(),
+            'locale'     => user()->getLocale(),
         ])->render();
 
         return $this->containHtml($html);
@@ -74,7 +68,7 @@ class ExportFormatter
      *
      * @throws Throwable
      */
-    public function bookToContainedHtml(Book $book)
+    public function bookToContainedHtml(Book $book): string
     {
         $bookTree = (new BookContents($book))->getTree(false, true);
         $html = view('exports.book', [
@@ -82,6 +76,7 @@ class ExportFormatter
             'bookChildren' => $bookTree,
             'format'       => 'html',
             'cspContent'   => $this->cspService->getCspMetaTagValue(),
+            'locale'       => user()->getLocale(),
         ])->render();
 
         return $this->containHtml($html);
@@ -92,13 +87,14 @@ class ExportFormatter
      *
      * @throws Throwable
      */
-    public function pageToPdf(Page $page)
+    public function pageToPdf(Page $page): string
     {
         $page->html = (new PageContent($page))->render();
         $html = view('exports.page', [
             'page'   => $page,
             'format' => 'pdf',
             'engine' => $this->pdfGenerator->getActiveEngine(),
+            'locale' => user()->getLocale(),
         ])->render();
 
         return $this->htmlToPdf($html);
@@ -109,7 +105,7 @@ class ExportFormatter
      *
      * @throws Throwable
      */
-    public function chapterToPdf(Chapter $chapter)
+    public function chapterToPdf(Chapter $chapter): string
     {
         $pages = $chapter->getVisiblePages();
         $pages->each(function ($page) {
@@ -121,6 +117,7 @@ class ExportFormatter
             'pages'   => $pages,
             'format'  => 'pdf',
             'engine'  => $this->pdfGenerator->getActiveEngine(),
+            'locale'  => user()->getLocale(),
         ])->render();
 
         return $this->htmlToPdf($html);
@@ -131,7 +128,7 @@ class ExportFormatter
      *
      * @throws Throwable
      */
-    public function bookToPdf(Book $book)
+    public function bookToPdf(Book $book): string
     {
         $bookTree = (new BookContents($book))->getTree(false, true);
         $html = view('exports.book', [
@@ -139,6 +136,7 @@ class ExportFormatter
             'bookChildren' => $bookTree,
             'format'       => 'pdf',
             'engine'       => $this->pdfGenerator->getActiveEngine(),
+            'locale'       => user()->getLocale(),
         ])->render();
 
         return $this->htmlToPdf($html);
@@ -152,49 +150,40 @@ class ExportFormatter
     protected function htmlToPdf(string $html): string
     {
         $html = $this->containHtml($html);
-        $html = $this->replaceIframesWithLinks($html);
-        $html = $this->openDetailElements($html);
+        $doc = new HtmlDocument();
+        $doc->loadCompleteHtml($html);
 
-        return $this->pdfGenerator->fromHtml($html);
+        $this->replaceIframesWithLinks($doc);
+        $this->openDetailElements($doc);
+        $cleanedHtml = $doc->getHtml();
+
+        return $this->pdfGenerator->fromHtml($cleanedHtml);
     }
 
     /**
      * Within the given HTML content, Open any detail blocks.
      */
-    protected function openDetailElements(string $html): string
+    protected function openDetailElements(HtmlDocument $doc): void
     {
-        libxml_use_internal_errors(true);
-
-        $doc = new DOMDocument();
-        $doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'));
-        $xPath = new DOMXPath($doc);
-
-        $details = $xPath->query('//details');
+        $details = $doc->queryXPath('//details');
         /** @var DOMElement $detail */
         foreach ($details as $detail) {
             $detail->setAttribute('open', 'open');
         }
-
-        return $doc->saveHTML();
     }
 
     /**
-     * Within the given HTML content, replace any iframe elements
+     * Within the given HTML document, replace any iframe elements
      * with anchor links within paragraph blocks.
      */
-    protected function replaceIframesWithLinks(string $html): string
+    protected function replaceIframesWithLinks(HtmlDocument $doc): void
     {
-        libxml_use_internal_errors(true);
+        $iframes = $doc->queryXPath('//iframe');
 
-        $doc = new DOMDocument();
-        $doc->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'));
-        $xPath = new DOMXPath($doc);
-
-        $iframes = $xPath->query('//iframe');
         /** @var DOMElement $iframe */
         foreach ($iframes as $iframe) {
             $link = $iframe->getAttribute('src');
-            if (strpos($link, '//') === 0) {
+            if (str_starts_with($link, '//')) {
                 $link = 'https:' . $link;
             }
 
@@ -204,8 +193,6 @@ class ExportFormatter
             $paragraph->appendChild($anchor);
             $iframe->parentNode->replaceChild($paragraph, $iframe);
         }
-
-        return $doc->saveHTML();
     }
 
     /**
@@ -223,7 +210,7 @@ class ExportFormatter
             foreach ($imageTagsOutput[0] as $index => $imgMatch) {
                 $oldImgTagString = $imgMatch;
                 $srcString = $imageTagsOutput[2][$index];
-                $imageEncoded = $this->imageService->imageUriToBase64($srcString);
+                $imageEncoded = $this->imageService->imageUrlToBase64($srcString);
                 if ($imageEncoded === null) {
                     $imageEncoded = $srcString;
                 }
@@ -240,7 +227,7 @@ class ExportFormatter
             foreach ($linksOutput[0] as $index => $linkMatch) {
                 $oldLinkString = $linkMatch;
                 $srcString = $linksOutput[2][$index];
-                if (strpos(trim($srcString), 'http') !== 0) {
+                if (!str_starts_with(trim($srcString), 'http')) {
                     $newSrcString = url($srcString);
                     $newLinkString = str_replace($srcString, $newSrcString, $oldLinkString);
                     $htmlContent = str_replace($oldLinkString, $newLinkString, $htmlContent);
@@ -255,17 +242,20 @@ class ExportFormatter
      * Converts the page contents into simple plain text.
      * This method filters any bad looking content to provide a nice final output.
      */
-    public function pageToPlainText(Page $page): string
+    public function pageToPlainText(Page $page, bool $pageRendered = false, bool $fromParent = false): string
     {
-        $html = (new PageContent($page))->render();
-        $text = strip_tags($html);
+        $html = $pageRendered ? $page->html : (new PageContent($page))->render();
+        // Add proceeding spaces before tags so spaces remain between
+        // text within elements after stripping tags.
+        $html = str_replace('<', " <", $html);
+        $text = trim(strip_tags($html));
         // Replace multiple spaces with single spaces
-        $text = preg_replace('/\ {2,}/', ' ', $text);
+        $text = preg_replace('/ {2,}/', ' ', $text);
         // Reduce multiple horrid whitespace characters.
         $text = preg_replace('/(\x0A|\xA0|\x0A|\r|\n){2,}/su', "\n\n", $text);
         $text = html_entity_decode($text);
         // Add title
-        $text = $page->name . "\n\n" . $text;
+        $text = $page->name . ($fromParent ? "\n" : "\n\n") . $text;
 
         return $text;
     }
@@ -275,13 +265,15 @@ class ExportFormatter
      */
     public function chapterToPlainText(Chapter $chapter): string
     {
-        $text = $chapter->name . "\n\n";
-        $text .= $chapter->description . "\n\n";
+        $text = $chapter->name . "\n" . $chapter->description;
+        $text = trim($text) . "\n\n";
+
+        $parts = [];
         foreach ($chapter->getVisiblePages() as $page) {
-            $text .= $this->pageToPlainText($page);
+            $parts[] = $this->pageToPlainText($page, false, true);
         }
 
-        return $text;
+        return $text . implode("\n\n", $parts);
     }
 
     /**
@@ -289,17 +281,20 @@ class ExportFormatter
      */
     public function bookToPlainText(Book $book): string
     {
-        $bookTree = (new BookContents($book))->getTree(false, false);
-        $text = $book->name . "\n\n";
+        $bookTree = (new BookContents($book))->getTree(false, true);
+        $text = $book->name . "\n" . $book->description;
+        $text = rtrim($text) . "\n\n";
+
+        $parts = [];
         foreach ($bookTree as $bookChild) {
             if ($bookChild->isA('chapter')) {
-                $text .= $this->chapterToPlainText($bookChild);
+                $parts[] = $this->chapterToPlainText($bookChild);
             } else {
-                $text .= $this->pageToPlainText($bookChild);
+                $parts[] = $this->pageToPlainText($bookChild, true, true);
             }
         }
 
-        return $text;
+        return $text . implode("\n\n", $parts);
     }
 
     /**

app/Entities/Tools/MixedEntityListLoader.php

@@ -0,0 +1,103 @@
+<?php
+
+namespace BookStack\Entities\Tools;
+
+use BookStack\App\Model;
+use BookStack\Entities\EntityProvider;
+use Illuminate\Database\Eloquent\Relations\Relation;
+
+class MixedEntityListLoader
+{
+    protected array $listAttributes = [
+        'page'      => ['id', 'name', 'slug', 'book_id', 'chapter_id', 'text', 'draft'],
+        'chapter'   => ['id', 'name', 'slug', 'book_id', 'description'],
+        'book'      => ['id', 'name', 'slug', 'description'],
+        'bookshelf' => ['id', 'name', 'slug', 'description'],
+    ];
+
+    public function __construct(
+        protected EntityProvider $entityProvider
+    ) {
+    }
+
+    /**
+     * Efficiently load in entities for listing onto the given list
+     * where entities are set as a relation via the given name.
+     * This will look for a model id and type via 'name_id' and 'name_type'.
+     * @param Model[] $relations
+     */
+    public function loadIntoRelations(array $relations, string $relationName): void
+    {
+        $idsByType = [];
+        foreach ($relations as $relation) {
+            $type = $relation->getAttribute($relationName . '_type');
+            $id = $relation->getAttribute($relationName . '_id');
+
+            if (!isset($idsByType[$type])) {
+                $idsByType[$type] = [];
+            }
+
+            $idsByType[$type][] = $id;
+        }
+
+        $modelMap = $this->idsByTypeToModelMap($idsByType);
+
+        foreach ($relations as $relation) {
+            $type = $relation->getAttribute($relationName . '_type');
+            $id = $relation->getAttribute($relationName . '_id');
+            $related = $modelMap[$type][strval($id)] ?? null;
+            if ($related) {
+                $relation->setRelation($relationName, $related);
+            }
+        }
+    }
+
+    /**
+     * @param array<string, int[]> $idsByType
+     * @return array<string, array<int, Model>>
+     */
+    protected function idsByTypeToModelMap(array $idsByType): array
+    {
+        $modelMap = [];
+
+        foreach ($idsByType as $type => $ids) {
+            if (!isset($this->listAttributes[$type])) {
+                continue;
+            }
+
+            $instance = $this->entityProvider->get($type);
+            $models = $instance->newQuery()
+                ->select($this->listAttributes[$type])
+                ->scopes('visible')
+                ->whereIn('id', $ids)
+                ->with($this->getRelationsToEagerLoad($type))
+                ->get();
+
+            if (count($models) > 0) {
+                $modelMap[$type] = [];
+            }
+
+            foreach ($models as $model) {
+                $modelMap[$type][strval($model->id)] = $model;
+            }
+        }
+
+        return $modelMap;
+    }
+
+    protected function getRelationsToEagerLoad(string $type): array
+    {
+        $toLoad = [];
+        $loadVisible = fn (Relation $query) => $query->scopes('visible');
+
+        if ($type === 'chapter' || $type === 'page') {
+            $toLoad['book'] = $loadVisible;
+        }
+
+        if ($type === 'page') {
+            $toLoad['chapter'] = $loadVisible;
+        }
+
+        return $toLoad;
+    }
+}

app/Entities/Tools/MixedEntityRequestHelper.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace BookStack\Entities\Tools;
+
+use BookStack\Entities\EntityProvider;
+use BookStack\Entities\Models\Entity;
+
+class MixedEntityRequestHelper
+{
+    public function __construct(
+        protected EntityProvider $entities,
+    ) {
+    }
+
+    /**
+     * Query out an entity, visible to the current user, for the given
+     * entity request details (this provided in a request validated by
+     * this classes' validationRules method).
+     * @param array{type: string, id: string} $requestData
+     */
+    public function getVisibleEntityFromRequestData(array $requestData): Entity
+    {
+        $entityType = $this->entities->get($requestData['type']);
+
+        return $entityType->newQuery()->scopes(['visible'])->findOrFail($requestData['id']);
+    }
+
+    /**
+     * Get the validation rules for an abstract entity request.
+     * @return array{type: string[], id: string[]}
+     */
+    public function validationRules(): array
+    {
+        return [
+                'type' => ['required', 'string'],
+                'id'   => ['required', 'integer'],
+        ];
+    }
+}

app/Entities/Tools/PageContent.php

@@ -9,12 +9,14 @@ use BookStack\Facades\Theme;
 use BookStack\Theming\ThemeEvents;
 use BookStack\Uploads\ImageRepo;
 use BookStack\Uploads\ImageService;
+use BookStack\Users\Models\User;
 use BookStack\Util\HtmlContentFilter;
-use DOMDocument;
+use BookStack\Util\HtmlDocument;
+use BookStack\Util\WebSafeMimeSniffer;
+use Closure;
 use DOMElement;
 use DOMNode;
 use DOMNodeList;
-use DOMXPath;
 use Illuminate\Support\Str;
 
 class PageContent
@@ -27,9 +29,9 @@ class PageContent
     /**
      * Update the content of the page with new provided HTML.
      */
-    public function setNewHTML(string $html): void
+    public function setNewHTML(string $html, User $updater): void
     {
-        $html = $this->extractBase64ImagesFromHtml($html);
+        $html = $this->extractBase64ImagesFromHtml($html, $updater);
         $this->page->html = $this->formatHtml($html);
         $this->page->text = $this->toPlainText();
         $this->page->markdown = '';
@@ -38,9 +40,9 @@ class PageContent
     /**
      * Update the content of the page with new provided Markdown content.
      */
-    public function setNewMarkdown(string $markdown): void
+    public function setNewMarkdown(string $markdown, User $updater): void
     {
-        $markdown = $this->extractBase64ImagesFromMarkdown($markdown);
+        $markdown = $this->extractBase64ImagesFromMarkdown($markdown, $updater);
         $this->page->markdown = $markdown;
         $html = (new MarkdownToHtml($markdown))->convert();
         $this->page->html = $this->formatHtml($html);
@@ -50,33 +52,24 @@ class PageContent
     /**
      * Convert all base64 image data to saved images.
      */
-    protected function extractBase64ImagesFromHtml(string $htmlText): string
+    protected function extractBase64ImagesFromHtml(string $htmlText, User $updater): string
     {
         if (empty($htmlText) || !str_contains($htmlText, 'data:image')) {
             return $htmlText;
         }
 
-        $doc = $this->loadDocumentFromHtml($htmlText);
-        $container = $doc->documentElement;
-        $body = $container->childNodes->item(0);
-        $childNodes = $body->childNodes;
-        $xPath = new DOMXPath($doc);
+        $doc = new HtmlDocument($htmlText);
 
         // Get all img elements with image data blobs
-        $imageNodes = $xPath->query('//img[contains(@src, \'data:image\')]');
+        $imageNodes = $doc->queryXPath('//img[contains(@src, \'data:image\')]');
+        /** @var DOMElement $imageNode */
         foreach ($imageNodes as $imageNode) {
             $imageSrc = $imageNode->getAttribute('src');
-            $newUrl = $this->base64ImageUriToUploadedImageUrl($imageSrc);
+            $newUrl = $this->base64ImageUriToUploadedImageUrl($imageSrc, $updater);
             $imageNode->setAttribute('src', $newUrl);
         }
 
-        // Generate inner html as a string
-        $html = '';
-        foreach ($childNodes as $childNode) {
-            $html .= $doc->saveHTML($childNode);
-        }
-
-        return $html;
+        return $doc->getBodyInnerHtml();
     }
 
     /**
@@ -86,7 +79,7 @@ class PageContent
      * Attempting to capture the whole data uri using regex can cause PHP
      * PCRE limits to be hit with larger, multi-MB, files.
      */
-    protected function extractBase64ImagesFromMarkdown(string $markdown): string
+    protected function extractBase64ImagesFromMarkdown(string $markdown, User $updater): string
     {
         $matches = [];
         $contentLength = strlen($markdown);
@@ -104,7 +97,7 @@ class PageContent
                 $dataUri .= $char;
             }
 
-            $newUrl = $this->base64ImageUriToUploadedImageUrl($dataUri);
+            $newUrl = $this->base64ImageUriToUploadedImageUrl($dataUri, $updater);
             $replacements[] = [$dataUri, $newUrl];
         }
 
@@ -119,16 +112,28 @@ class PageContent
      * Parse the given base64 image URI and return the URL to the created image instance.
      * Returns an empty string if the parsed URI is invalid or causes an error upon upload.
      */
-    protected function base64ImageUriToUploadedImageUrl(string $uri): string
+    protected function base64ImageUriToUploadedImageUrl(string $uri, User $updater): string
     {
         $imageRepo = app()->make(ImageRepo::class);
         $imageInfo = $this->parseBase64ImageUri($uri);
 
+        // Validate user has permission to create images
+        if (!$updater->can('image-create-all')) {
+            return '';
+        }
+
         // Validate extension and content
         if (empty($imageInfo['data']) || !ImageService::isExtensionSupported($imageInfo['extension'])) {
             return '';
         }
 
+        // Validate content looks like an image via sniffing mime type
+        $mimeSniffer = new WebSafeMimeSniffer();
+        $mime = $mimeSniffer->sniff($imageInfo['data']);
+        if (!str_starts_with($mime, 'image/')) {
+            return '';
+        }
+
         // Validate that the content is not over our upload limit
         $uploadLimitBytes = (config('app.upload_limit') * 1000000);
         if (strlen($imageInfo['data']) > $uploadLimitBytes) {
@@ -172,27 +177,18 @@ class PageContent
             return $htmlText;
         }
 
-        $doc = $this->loadDocumentFromHtml($htmlText);
-        $container = $doc->documentElement;
-        $body = $container->childNodes->item(0);
-        $childNodes = $body->childNodes;
-        $xPath = new DOMXPath($doc);
+        $doc = new HtmlDocument($htmlText);
 
         // Map to hold used ID references
         $idMap = [];
         // Map to hold changing ID references
         $changeMap = [];
 
-        $this->updateIdsRecursively($body, 0, $idMap, $changeMap);
-        $this->updateLinks($xPath, $changeMap);
+        $this->updateIdsRecursively($doc->getBody(), 0, $idMap, $changeMap);
+        $this->updateLinks($doc, $changeMap);
 
-        // Generate inner html as a string
-        $html = '';
-        foreach ($childNodes as $childNode) {
-            $html .= $doc->saveHTML($childNode);
-        }
-
-        // Perform required string-level tweaks
+        // Generate inner html as a string & perform required string-level tweaks
+        $html = $doc->getBodyInnerHtml();
         $html = str_replace(' ', ' ', $html);
 
         return $html;
@@ -225,13 +221,13 @@ class PageContent
      * Update the all links in the given xpath to apply requires changes within the
      * given $changeMap array.
      */
-    protected function updateLinks(DOMXPath $xpath, array $changeMap): void
+    protected function updateLinks(HtmlDocument $doc, array $changeMap): void
     {
         if (empty($changeMap)) {
             return;
         }
 
-        $links = $xpath->query('//body//*//*[@href]');
+        $links = $doc->queryXPath('//body//*//*[@href]');
         /** @var DOMElement $domElem */
         foreach ($links as $domElem) {
             $href = ltrim($domElem->getAttribute('href'), '#');
@@ -295,21 +291,65 @@ class PageContent
      */
     public function render(bool $blankIncludes = false): string
     {
-        $content = $this->page->html ?? '';
+        $html = $this->page->html ?? '';
+
+        if (empty($html)) {
+            return $html;
+        }
+
+        $doc = new HtmlDocument($html);
+        $contentProvider = $this->getContentProviderClosure($blankIncludes);
+        $parser = new PageIncludeParser($doc, $contentProvider);
+
+        $nodesAdded = 1;
+        for ($includeDepth = 0; $includeDepth < 3 && $nodesAdded !== 0; $includeDepth++) {
+            $nodesAdded = $parser->parse();
+        }
+
+        if ($includeDepth > 1) {
+            $idMap = [];
+            $changeMap = [];
+            $this->updateIdsRecursively($doc->getBody(), 0, $idMap, $changeMap);
+        }
 
         if (!config('app.allow_content_scripts')) {
-            $content = HtmlContentFilter::removeScripts($content);
+            HtmlContentFilter::removeScriptsFromDocument($doc);
         }
 
-        if ($blankIncludes) {
-            $content = $this->blankPageIncludes($content);
-        } else {
-            for ($includeDepth = 0; $includeDepth < 3; $includeDepth++) {
-                $content = $this->parsePageIncludes($content);
+        return $doc->getBodyInnerHtml();
+    }
+
+    /**
+     * Get the closure used to fetch content for page includes.
+     */
+    protected function getContentProviderClosure(bool $blankIncludes): Closure
+    {
+        $contextPage = $this->page;
+
+        return function (PageIncludeTag $tag) use ($blankIncludes, $contextPage): PageIncludeContent {
+            if ($blankIncludes) {
+                return PageIncludeContent::fromHtmlAndTag('', $tag);
             }
-        }
 
-        return $content;
+            $matchedPage = Page::visible()->find($tag->getPageId());
+            $content = PageIncludeContent::fromHtmlAndTag($matchedPage->html ?? '', $tag);
+
+            if (Theme::hasListeners(ThemeEvents::PAGE_INCLUDE_PARSE)) {
+                $themeReplacement = Theme::dispatch(
+                    ThemeEvents::PAGE_INCLUDE_PARSE,
+                    $tag->tagContent,
+                    $content->toHtml(),
+                    clone $contextPage,
+                    $matchedPage ? (clone $matchedPage) : null,
+                );
+
+                if ($themeReplacement !== null) {
+                    $content = PageIncludeContent::fromInlineHtml(strval($themeReplacement));
+                }
+            }
+
+            return $content;
+        };
     }
 
     /**
@@ -321,11 +361,10 @@ class PageContent
             return [];
         }
 
-        $doc = $this->loadDocumentFromHtml($htmlContent);
-        $xPath = new DOMXPath($doc);
-        $headers = $xPath->query('//h1|//h2|//h3|//h4|//h5|//h6');
+        $doc = new HtmlDocument($htmlContent);
+        $headers = $doc->queryXPath('//h1|//h2|//h3|//h4|//h5|//h6');
 
-        return $headers ? $this->headerNodesToLevelList($headers) : [];
+        return $headers->count() === 0 ? [] : $this->headerNodesToLevelList($headers);
     }
 
     /**
@@ -358,102 +397,4 @@ class PageContent
 
         return $tree->toArray();
     }
-
-    /**
-     * Remove any page include tags within the given HTML.
-     */
-    protected function blankPageIncludes(string $html): string
-    {
-        return preg_replace("/{{@\s?([0-9].*?)}}/", '', $html);
-    }
-
-    /**
-     * Parse any include tags "{{@<page_id>#section}}" to be part of the page.
-     */
-    protected function parsePageIncludes(string $html): string
-    {
-        $matches = [];
-        preg_match_all("/{{@\s?([0-9].*?)}}/", $html, $matches);
-
-        foreach ($matches[1] as $index => $includeId) {
-            $fullMatch = $matches[0][$index];
-            $splitInclude = explode('#', $includeId, 2);
-
-            // Get page id from reference
-            $pageId = intval($splitInclude[0]);
-            if (is_nan($pageId)) {
-                continue;
-            }
-
-            // Find page to use, and default replacement to empty string for non-matches.
-            /** @var ?Page $matchedPage */
-            $matchedPage = Page::visible()->find($pageId);
-            $replacement = '';
-
-            if ($matchedPage && count($splitInclude) === 1) {
-                // If we only have page id, just insert all page html and continue.
-                $replacement = $matchedPage->html;
-            } elseif ($matchedPage && count($splitInclude) > 1) {
-                // Otherwise, if our include tag defines a section, load that specific content
-                $innerContent = $this->fetchSectionOfPage($matchedPage, $splitInclude[1]);
-                $replacement = trim($innerContent);
-            }
-
-            $themeReplacement = Theme::dispatch(
-                ThemeEvents::PAGE_INCLUDE_PARSE,
-                $includeId,
-                $replacement,
-                clone $this->page,
-                $matchedPage ? (clone $matchedPage) : null,
-            );
-
-            // Perform the content replacement
-            $html = str_replace($fullMatch, $themeReplacement ?? $replacement, $html);
-        }
-
-        return $html;
-    }
-
-    /**
-     * Fetch the content from a specific section of the given page.
-     */
-    protected function fetchSectionOfPage(Page $page, string $sectionId): string
-    {
-        $topLevelTags = ['table', 'ul', 'ol', 'pre'];
-        $doc = $this->loadDocumentFromHtml($page->html);
-
-        // Search included content for the id given and blank out if not exists.
-        $matchingElem = $doc->getElementById($sectionId);
-        if ($matchingElem === null) {
-            return '';
-        }
-
-        // Otherwise replace the content with the found content
-        // Checks if the top-level wrapper should be included by matching on tag types
-        $innerContent = '';
-        $isTopLevel = in_array(strtolower($matchingElem->nodeName), $topLevelTags);
-        if ($isTopLevel) {
-            $innerContent .= $doc->saveHTML($matchingElem);
-        } else {
-            foreach ($matchingElem->childNodes as $childNode) {
-                $innerContent .= $doc->saveHTML($childNode);
-            }
-        }
-        libxml_clear_errors();
-
-        return $innerContent;
-    }
-
-    /**
-     * Create and load a DOMDocument from the given html content.
-     */
-    protected function loadDocumentFromHtml(string $html): DOMDocument
-    {
-        libxml_use_internal_errors(true);
-        $doc = new DOMDocument();
-        $html = '<?xml encoding="utf-8" ?><body>' . $html . '</body>';
-        $doc->loadHTML($html);
-
-        return $doc;
-    }
 }

app/Entities/Tools/PageIncludeContent.php

@@ -0,0 +1,85 @@
+<?php
+
+namespace BookStack\Entities\Tools;
+
+use BookStack\Util\HtmlDocument;
+use DOMNode;
+
+class PageIncludeContent
+{
+    protected static array $topLevelTags = ['table', 'ul', 'ol', 'pre'];
+
+    /**
+     * @param DOMNode[] $contents
+     * @param bool $isInline
+     */
+    public function __construct(
+        protected array $contents,
+        protected bool $isInline,
+    ) {
+    }
+
+    public static function fromHtmlAndTag(string $html, PageIncludeTag $tag): self
+    {
+        if (empty($html)) {
+            return new self([], true);
+        }
+
+        $doc = new HtmlDocument($html);
+
+        $sectionId = $tag->getSectionId();
+        if (!$sectionId) {
+            $contents = [...$doc->getBodyChildren()];
+            return new self($contents, false);
+        }
+
+        $section = $doc->getElementById($sectionId);
+        if (!$section) {
+            return new self([], true);
+        }
+
+        $isTopLevel = in_array(strtolower($section->nodeName), static::$topLevelTags);
+        $contents = $isTopLevel ? [$section] : [...$section->childNodes];
+        return new self($contents, !$isTopLevel);
+    }
+
+    public static function fromInlineHtml(string $html): self
+    {
+        if (empty($html)) {
+            return new self([], true);
+        }
+
+        $doc = new HtmlDocument($html);
+
+        return new self([...$doc->getBodyChildren()], true);
+    }
+
+    public function isInline(): bool
+    {
+        return $this->isInline;
+    }
+
+    public function isEmpty(): bool
+    {
+        return empty($this->contents);
+    }
+
+    /**
+     * @return DOMNode[]
+     */
+    public function toDomNodes(): array
+    {
+        return $this->contents;
+    }
+
+    public function toHtml(): string
+    {
+        $html = '';
+
+        foreach ($this->contents as $content) {
+            $html .= $content->ownerDocument->saveHTML($content);
+        }
+
+        return $html;
+    }
+}

app/Entities/Tools/PageIncludeParser.php

@@ -0,0 +1,220 @@
+<?php
+
+namespace BookStack\Entities\Tools;
+
+use BookStack\Util\HtmlDocument;
+use Closure;
+use DOMDocument;
+use DOMElement;
+use DOMNode;
+use DOMText;
+
+class PageIncludeParser
+{
+    protected static string $includeTagRegex = "/{{@\s?([0-9].*?)}}/";
+
+    /**
+     * Elements to clean up and remove if left empty after a parsing operation.
+     * @var DOMElement[]
+     */
+    protected array $toCleanup = [];
+
+    /**
+     * @param Closure(PageIncludeTag $tag): PageContent $pageContentForId
+     */
+    public function __construct(
+        protected HtmlDocument $doc,
+        protected Closure $pageContentForId,
+    ) {
+    }
+
+    /**
+     * Parse out the include tags.
+     * Returns the count of new content DOM nodes added to the document.
+     */
+    public function parse(): int
+    {
+        $nodesAdded = 0;
+        $tags = $this->locateAndIsolateIncludeTags();
+
+        foreach ($tags as $tag) {
+            /** @var PageIncludeContent $content */
+            $content = $this->pageContentForId->call($this, $tag);
+
+            if (!$content->isInline()) {
+                $parentP = $this->getParentParagraph($tag->domNode);
+                $isWithinParentP = $parentP === $tag->domNode->parentNode;
+                if ($parentP && $isWithinParentP) {
+                    $this->splitNodeAtChildNode($tag->domNode->parentNode, $tag->domNode);
+                } else if ($parentP) {
+                    $this->moveTagNodeToBesideParent($tag, $parentP);
+                }
+            }
+
+            $replacementNodes = $content->toDomNodes();
+            $nodesAdded += count($replacementNodes);
+            $this->replaceNodeWithNodes($tag->domNode, $replacementNodes);
+        }
+
+        $this->cleanup();
+
+        return $nodesAdded;
+    }
+
+    /**
+     * Locate include tags within the given document, isolating them to their
+     * own nodes in the DOM for future targeted manipulation.
+     * @return PageIncludeTag[]
+     */
+    protected function locateAndIsolateIncludeTags(): array
+    {
+        $includeHosts = $this->doc->queryXPath("//*[text()[contains(., '{{@')]]");
+        $includeTags = [];
+
+        /** @var DOMNode $node */
+        foreach ($includeHosts as $node) {
+            /** @var DOMNode $childNode */
+            foreach ($node->childNodes as $childNode) {
+                if ($childNode->nodeName === '#text') {
+                    array_push($includeTags, ...$this->splitTextNodesAtTags($childNode));
+                }
+            }
+        }
+
+        return $includeTags;
+    }
+
+    /**
+     * Takes a text DOMNode and splits its text content at include tags
+     * into multiple text nodes within the original parent.
+     * Returns found PageIncludeTag references.
+     * @return PageIncludeTag[]
+     */
+    protected function splitTextNodesAtTags(DOMNode $textNode): array
+    {
+        $includeTags = [];
+        $text = $textNode->textContent;
+        preg_match_all(static::$includeTagRegex, $text, $matches, PREG_OFFSET_CAPTURE);
+
+        $currentOffset = 0;
+        foreach ($matches[0] as $index => $fullTagMatch) {
+            $tagOuterContent = $fullTagMatch[0];
+            $tagInnerContent = $matches[1][$index][0];
+            $tagStartOffset = $fullTagMatch[1];
+
+            if ($currentOffset < $tagStartOffset) {
+                $previousText = substr($text, $currentOffset, $tagStartOffset - $currentOffset);
+                $textNode->parentNode->insertBefore(new DOMText($previousText), $textNode);
+            }
+
+            $node = $textNode->parentNode->insertBefore(new DOMText($tagOuterContent), $textNode);
+            $includeTags[] = new PageIncludeTag($tagInnerContent, $node);
+            $currentOffset = $tagStartOffset + strlen($tagOuterContent);
+        }
+
+        if ($currentOffset > 0) {
+            $textNode->textContent = substr($text, $currentOffset);
+        }
+
+        return $includeTags;
+    }
+
+    /**
+     * Replace the given node with all those in $replacements
+     * @param DOMNode[] $replacements
+     */
+    protected function replaceNodeWithNodes(DOMNode $toReplace, array $replacements): void
+    {
+        /** @var DOMDocument $targetDoc */
+        $targetDoc = $toReplace->ownerDocument;
+
+        foreach ($replacements as $replacement) {
+            if ($replacement->ownerDocument !== $targetDoc) {
+                $replacement = $targetDoc->importNode($replacement, true);
+            }
+
+            $toReplace->parentNode->insertBefore($replacement, $toReplace);
+        }
+
+        $toReplace->parentNode->removeChild($toReplace);
+    }
+
+    /**
+     * Move a tag node to become a sibling of the given parent.
+     * Will attempt to guess a position based upon the tag content within the parent.
+     */
+    protected function moveTagNodeToBesideParent(PageIncludeTag $tag, DOMNode $parent): void
+    {
+        $parentText = $parent->textContent;
+        $tagPos = strpos($parentText, $tag->tagContent);
+        $before = $tagPos < (strlen($parentText) / 2);
+        $this->toCleanup[] = $tag->domNode->parentNode;
+
+        if ($before) {
+            $parent->parentNode->insertBefore($tag->domNode, $parent);
+        } else {
+            $parent->parentNode->insertBefore($tag->domNode, $parent->nextSibling);
+        }
+    }
+
+    /**
+     * Splits the given $parentNode at the location of the $domNode within it.
+     * Attempts replicate the original $parentNode, moving some of their parent
+     * children in where needed, before adding the $domNode between.
+     */
+    protected function splitNodeAtChildNode(DOMElement $parentNode, DOMNode $domNode): void
+    {
+        $children = [...$parentNode->childNodes];
+        $splitPos = array_search($domNode, $children, true);
+        if ($splitPos === false) {
+            $splitPos = count($children) - 1;
+        }
+
+        $parentClone = $parentNode->cloneNode();
+        $parentNode->parentNode->insertBefore($parentClone, $parentNode);
+        $parentClone->removeAttribute('id');
+
+        for ($i = 0; $i < $splitPos; $i++) {
+            /** @var DOMNode $child */
+            $child = $children[$i];
+            $parentClone->appendChild($child);
+        }
+
+        $parentNode->parentNode->insertBefore($domNode, $parentNode);
+
+        $this->toCleanup[] = $parentNode;
+        $this->toCleanup[] = $parentClone;
+    }
+
+    /**
+     * Get the parent paragraph of the given node, if existing.
+     */
+    protected function getParentParagraph(DOMNode $parent): ?DOMNode
+    {
+        do {
+            if (strtolower($parent->nodeName) === 'p') {
+                return $parent;
+            }
+
+            $parent = $parent->parentNode;
+        } while ($parent !== null);
+
+        return null;
+    }
+
+    /**
+     * Cleanup after a parse operation.
+     * Removes stranded elements we may have left during the parse.
+     */
+    protected function cleanup(): void
+    {
+        foreach ($this->toCleanup as $element) {
+            $element->normalize();
+            while ($element->parentNode && !$element->hasChildNodes()) {
+                $parent = $element->parentNode;
+                $parent->removeChild($element);
+                $element = $parent;
+            }
+        }
+    }
+}

app/Entities/Tools/PageIncludeTag.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace BookStack\Entities\Tools;
+
+use DOMNode;
+
+class PageIncludeTag
+{
+    public function __construct(
+        public string $tagContent,
+        public DOMNode $domNode,
+    ) {
+    }
+
+    /**
+     * Get the page ID that this tag references.
+     */
+    public function getPageId(): int
+    {
+        return intval(trim(explode('#', $this->tagContent, 2)[0]));
+    }
+
+    /**
+     * Get the section ID that this tag references (if any)
+     */
+    public function getSectionId(): string
+    {
+        return trim(explode('#', $this->tagContent, 2)[1] ?? '');
+    }
+}

app/Entities/Tools/TrashCan.php

@@ -197,11 +197,15 @@ class TrashCan
         $page->allRevisions()->delete();
 
         // Delete Attached Files
-        $attachmentService = app(AttachmentService::class);
+        $attachmentService = app()->make(AttachmentService::class);
         foreach ($page->attachments as $attachment) {
             $attachmentService->deleteFile($attachment);
         }
 
+        // Remove book template usages
+        Book::query()->where('default_template_id', '=', $page->id)
+            ->update(['default_template_id' => null]);
+
         $page->forceDelete();
 
         return 1;
@@ -376,6 +380,7 @@ class TrashCan
         $entity->searchTerms()->delete();
         $entity->deletions()->delete();
         $entity->favourites()->delete();
+        $entity->watches()->delete();
         $entity->referencesTo()->delete();
         $entity->referencesFrom()->delete();
 

app/Exceptions/Handler.php

@@ -6,9 +6,12 @@ use Exception;
 use Illuminate\Auth\AuthenticationException;
 use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
+use Illuminate\Http\Exceptions\PostTooLargeException;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use Illuminate\Http\Response;
 use Illuminate\Validation\ValidationException;
+use Symfony\Component\ErrorHandler\Error\FatalError;
 use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
 use Throwable;
 
@@ -35,6 +38,15 @@ class Handler extends ExceptionHandler
         'password_confirmation',
     ];
 
+    /**
+     * A function to run upon out of memory.
+     * If it returns a response, that will be provided back to the request
+     * upon an out of memory event.
+     *
+     * @var ?callable(): ?Response
+     */
+    protected $onOutOfMemory = null;
+
     /**
      * Report or log an exception.
      *
@@ -59,6 +71,17 @@ class Handler extends ExceptionHandler
      */
     public function render($request, Throwable $e)
     {
+        if ($e instanceof FatalError && str_contains($e->getMessage(), 'bytes exhausted (tried to allocate') && $this->onOutOfMemory) {
+            $response = call_user_func($this->onOutOfMemory);
+            if ($response) {
+                return $response;
+            }
+        }
+
+        if ($e instanceof PostTooLargeException) {
+            $e = new NotifyException(trans('errors.server_post_limit'), '/', 413);
+        }
+
         if ($this->isApiRequest($request)) {
             return $this->renderApiException($e);
         }
@@ -66,12 +89,30 @@ class Handler extends ExceptionHandler
         return parent::render($request, $e);
     }
 
+    /**
+     * Provide a function to be called when an out of memory event occurs.
+     * If the callable returns a response, this response will be returned
+     * to the request upon error.
+     */
+    public function prepareForOutOfMemory(callable $onOutOfMemory)
+    {
+        $this->onOutOfMemory = $onOutOfMemory;
+    }
+
+    /**
+     * Forget the current out of memory handler, if existing.
+     */
+    public function forgetOutOfMemoryHandler()
+    {
+        $this->onOutOfMemory = null;
+    }
+
     /**
      * Check if the given request is an API request.
      */
     protected function isApiRequest(Request $request): bool
     {
-        return strpos($request->path(), 'api/') === 0;
+        return str_starts_with($request->path(), 'api/');
     }
 
     /**

app/Exceptions/ThemeException.php

@@ -0,0 +1,7 @@
+<?php
+
+namespace BookStack\Exceptions;
+
+class ThemeException extends \Exception
+{
+}